PANews reported on January 15 that blockchain security company Scam Sniffer shared a variant attack in which attackers use fake Cloudflare verification pages to deploy malware through clipboard injection and command execution. Users are directed to a fake page and asked to press Windows + R and paste "verification text". The attack proceeds in multiple stages: injecting PowerShell commands, hosting malicious payloads, downloading and executing malware disguised as "OneDrive.exe", and maintaining persistence through Windows startup items. Scam Sniffer advised users not to run commands provided by anyone, since legitimate services will not require you to run commands; to be skeptical of clipboard-based verification; and to always verify the authenticity of the website.
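For responders checking a machine after such a prompt, the sketch below is an added example, not code from Scam Sniffer or PANews. It triages two artifacts the stages above leave behind: the Run dialog history and startup entries naming "OneDrive.exe". The function names, the regexes, the assumed legitimate OneDrive install paths and all sample data are constructed for illustration.

```python
import re

# Assumption: usual OneDrive install locations; adjust for your environment.
LEGIT_ONEDRIVE = re.compile(
    r"^(c:\\users\\[^\\]+\\appdata\\local\\microsoft\\onedrive"
    r"|c:\\program files( \(x86\))?\\microsoft onedrive)\\onedrive\.exe$", re.I)
# Script hosts that a genuine verification page never asks a user to launch.
SCRIPT_HOST = re.compile(r"\b(powershell|pwsh|mshta|cmd)(\.exe)?\b", re.I)
# A URL or an encoded-command switch inside a pasted command.
FETCH = re.compile(r"https?://|\s-e(nc\w*)?\s", re.I)

def triage_run_history(runmru):
    # runmru: {value name: command} exported from
    # HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    hits = []
    for name, cmd in runmru.items():
        if name.lower() == "mrulist":  # ordering value, not a command
            continue
        cmd = cmd[:-2] if cmd.endswith("\\1") else cmd  # drop the stored "\1" suffix
        if SCRIPT_HOST.search(cmd) and FETCH.search(cmd):
            hits.append((name, cmd))
    return hits

def triage_startup(entries):
    # entries: {name: command line} exported from
    # HKCU\Software\Microsoft\Windows\CurrentVersion\Run or the Startup folder
    hits = []
    for name, cmdline in entries.items():
        m = re.match(r'^"?(.+?\.exe)', cmdline.strip(), re.I)
        path = m.group(1) if m else ""
        if path.lower().endswith("\\onedrive.exe") and not LEGIT_ONEDRIVE.match(path):
            hits.append((name, path))
    return hits

# Constructed sample data; no value here comes from the reported campaign.
SAMPLE_RUNMRU = {
    "MRUList": "ba",
    "a": "notepad\\1",
    "b": 'powershell -NoProfile -Command "# placeholder https://example.invalid/verify"\\1',
}
SAMPLE_STARTUP = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "OneDriveUpdate": r"C:\Users\alice\AppData\Roaming\OneDrive.exe",
}

if __name__ == "__main__":
    print(triage_run_history(SAMPLE_RUNMRU))
    print(triage_startup(SAMPLE_STARTUP))
```

A hit from either function is a lead for review rather than a verdict: administrators also paste PowerShell into the Run dialog, and OneDrive can be installed to non-default paths.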
Scam Sniffer: Beware of fake Cloudflare verification pages that deploy malware via clipboard injection and command execution
Author: PA一线
