Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data
January 8, 2025
Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures. MirrorFace sent emails with attachments containing malware to targeted organizations and individuals to view ...
- Enhancing Botnet Detection with AI using LLMs and Similarity Search
January 8, 2025
As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques. In first-of-its-kind research, ...
- Multiple Vulnerabilities in SonicOS
January 8, 2025
SonicWall has released a security advisory to address three high severity vulnerabilities and one medium severity vulnerability in SonicOS. SonicWall appliances are security appliances that provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. Read more… Source: NHS Digital Sign up for our Newsletter Related:
- AI-supported spear phishing fools more than 50% of targets
January 7, 2025
One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing, and the results line up with everyone’s expectations: AI is making it easier to ...
- Italian digital identity provider suffers data breach, 5.5M customers affected
January 7, 2025
InfoCert has had millions of its customers’ personal data stolen and put up for sale. A leading European certification authority and provider of digital identity services such as Italy’s SPID (Public Digital Identity System), InfoCert posted a public notice on its website detailing the data breach on December 27. However, the notice has since been taken ...
- ICAO ‘investigating’ security breach after hacker claims theft of personal data
January 7, 2025
UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data The International Civil Aviation Organization (ICAO), a United Nations agency that defines international operating standards for civil aviation, has confirmed it’s investigating a cybersecurity incident. In a statement published on Monday, ICAO said it is “actively investigating reports of a potential information security ...