EXECUTIVE SUMMARY
A malicious campaign has been observed abusing fake Cloudflare CAPTCHA verification pages hosted on superboomer[.]world to socially engineer users into executing a malicious PowerShell command. Instead of presenting a legitimate CAPTCHA challenge, the webpage instructs visitors to press Win + R, paste a provided command, and execute it. This technique leverages user interaction to bypass traditional browser-based security controls and initiate malware delivery.
Once executed, the PowerShell command downloads an executable from an attacker-controlled infrastructure (cdn-8295dd.cloudflareinsight.com), saves it into the victim’s %TEMP% directory as 03c4abe0.exe, removes the downloaded file’s Mark-of-the-Web (Zone.Identifier) alternate data stream, and executes it. Additional reporting indicates that the payload may also be written as adb44c1a.exe in the temporary directory. Organizations should treat any systems that have executed the command as potentially compromised and perform immediate containment and forensic investigation.
- Active Region: Global
- Affected Sector: Multiple sectors (Opportunistic targeting)
- Affected Product: Windows endpoints; users accessing malicious websites
- Severity: High
- Published Date: JUN 24, 2026
TECHNICAL DETAILS
The campaign relies on ClickFix-style social engineering, where users are instructed to manually execute a PowerShell command under the guise of completing a Cloudflare verification.
- Target: any user visiting the malicious website and following the instructions
- Prerequisite For Exploitation: The victim must browse to the malicious website superboomer[.] world or otherwise be redirected to it
- Observed malicious PowerShell command:……



