Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
May 7, 2026
Police have arrested and brought 44 charges against three men for allegedly operating an SMS blaster in downtown Toronto. The scheme, which began in November 2025, is the “first known instance” of an SMS blaster operating in Canada, according to the police report. In a statement, the Toronto Police Service said it believes tens of thousands of ...
- Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
May 6, 2026
Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation. The intrusion was spotted earlier this year, and investigators say breadcrumbs left behind give them “medium confidence” in saying it was the work of MuddyWater, which has ...
- DOJ says ransomware gang tapped into Russian government databases
May 6, 2026
A U.S. court has sentenced Latvian hacker Deniss Zolotarjovs to more than eight years in prison following his conviction for carrying out ransomware attacks. The Justice Department accused the hacker of working for a notorious Russian ransomware gang called Karakurt, which was led by former leaders of the Akira and Conti ransomware gangs, who were sanctioned ...
- Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
May 6, 2026
On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability. The vulnerability carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild ...
- Update WhatsApp now: Two new flaws could expose you to malicious files
May 5, 2026
Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities. WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect ...
- DAEMON Tools software compromised with a malicious payload
May 5, 2026
In early May 2026, Kaspersky researchers identified installers of the DAEMON Tools software, used for mounting disk images, to be compromised with a malicious payload. These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers. Kaspersky analysis revealed that the software installers have been ...