This New Malware Hides on Infected Websites to Steal Your Data
Robert Moore ·
Listen to this article~3 min
A new modular malware called TELEPUZ is spreading through infected websites using fake ClickFix prompts. It steals data and runs commands on your device. Learn how to protect yourself.
Cybersecurity researchers have raised the alarm about a new modular malware called TELEPUZ. It has been spreading through websites infected with ClickFix lures since late April 2026. If you've visited a compromised site and clicked a fake update prompt, you could be at risk.
This isn't your average malware. TELEPUZ is described as "full-featured, lightweight, and modular" by Elastic Security Labs researcher Cyril François. While the number of command-and-control (C2) domains is currently small, the daily activity suggests this threat is growing fast.
### How TELEPUZ Spreads
The malware uses ClickFix lures—fake alerts that trick you into clicking a button to fix an issue. These often appear as browser update prompts or error messages. Once you click, the malware downloads silently to your system.
Here's what makes TELEPUZ dangerous:
- It can steal sensitive data like passwords and credit card numbers
- It runs remote commands on your device, giving attackers control
- It's modular, meaning new features can be added over time
### What This Means for You
If you're in the United States and use antidetect browsers for privacy or work, this is a wake-up call. TELEPUZ targets anyone who visits infected websites, regardless of their browser setup. The malware is designed to evade detection by being lightweight and flexible.
> "While the number of C2 domains is currently small, the daily activity suggests this threat is growing fast." – Elastic Security Labs
### Protecting Your System
To stay safe, follow these steps:
- Avoid clicking on pop-up alerts that ask you to update software
- Use an ad blocker to reduce exposure to malicious ads
- Keep your antidetect browser updated with the latest security patches
- Run regular scans with a trusted antivirus tool
TELEPUZ is a reminder that even the best antidetect browsers can't protect you from every threat. The key is staying vigilant and avoiding suspicious prompts online. As this malware evolves, researchers will keep tracking its C2 domains and release updates to block them.
### Final Thoughts
Cybersecurity is a moving target. TELEPUZ shows how attackers are getting smarter, using fake update prompts to slip past defenses. By understanding how it spreads and taking simple precautions, you can reduce your risk. Remember: if something looks off online, trust your gut and don't click.