Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ireland: Woman, 20s, arrested over potential data breach at utility service provider
December 4, 2024
A woman has been arrested over a potential data breach at a national utility service provider last year. The woman, aged in her 20s, was arrested yesterday and is detained at a garda station in Dublin. The potential breach was identified by members of the Garda National Cyber Crime Bureau in 2023. It was referred to ...
- UK: Ransomware hackers target NHS hospitals with new cyberattacks
December 4, 2024
Ransomware hackers have continued an assault on National Health Service trusts across the United Kingdom by compromising multiple hospitals, exposing sensitive patient data and disrupting emergency services. Inc Ransom, a prolific Russia-linked ransomware group that claimed responsibility for an attack on NHS Scotland earlier this year, now claims to have breached the Alder Hey Children’s Hospital ...
- Foreign espionage agencies exploit crowdsourcing for covert intelligence gathering in China
December 4, 2024
China’s Ministry of State Security revealed on Wednesday that foreign intelligence agencies are using crowdsourcing to gather sensitive data in China, posing a covert but serious threat to national security. This covert method, dubbed “crowdsourced espionage,” poses an escalating threat. Foreign intelligence agencies break down intelligence-gathering missions into smaller, discrete tasks and distribute them via legitimate ...
- AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records
December 3, 2024
Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names. But the way its solution is set up ...
- INTERPOL campaign warns against cyber and financial crimes
December 3, 2024
INTERPOL has launched a campaign to raise awareness on the growing threat of cyber and financial crimes against vulnerable individuals and organizations. The Think Twice campaign, which includes a series of short videos, focuses on five rising online threats: ransomware attacks, malware attacks, phishing, generative AI scams, and romance baiting. These sophisticated scams have seen a ...
- Major SABS cyberattack raises questions about entity’s leadership
December 3, 2024
The South African Bureau of Standards (SABS) has suffered a major ransomware cyberattack, resulting in critical IT systems going down, Engineering News has learned. This is not the first time the SABS IT infrastructure has been hacked, with previous incidents reported in 2023 and again in April this year. The SABS confirmed the attack, telling Engineering ...