TechFlow news — On January 15, Scam Sniffer issued a security alert exposing a new phishing attack that uses forged Cloudflare verification pages. Attackers are luring users to fake websites mimicking kick[.]com[.]im/stripcoin, prompting them to press Windows + R and paste what appears to be "verification text," which in fact injects malicious PowerShell commands.
The attack process includes:
Directing users through a forged Cloudflare verification page;
Hosting malicious payloads via i.imghippo[.]com;
Downloading malware disguised as "OneDrive.exe";
Establishing persistent infection via Windows startup entries;
Scam Sniffer reminds users to:
Be aware that legitimate websites never require users to execute command-line operations;
Remain vigilant against any clipboard-based verification requests;
Always verify the authenticity of websites;
Beware of unauthorized privilege escalation requests;
Check for potential tampering in Windows Run command history.




