Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- 9 months after the largest healthcare breach in history, UnitedHealth subsidiary back online
November 22, 2024
Change Healthcare—a subsidiary of the global health company UnitedHealth Group — has restored its medical billing services nine months after suffering an unprecedented ransomware attack that left providers with serious cashflow problems, threatened access to care, and leaked sensitive information onto the dark web. Change Healthcare, one of the largest health payment processing companies in the ...
- Fake Google Chrome Website Tricks Users into Installing Malware
November 22, 2024
Google Chrome is the most widely used web browser in the world, and this dominance makes it a great vector for cybercriminals to use to spread malware to unsuspecting users. The SonicWall Capture Labs threat research team recently found what appears to be a legitimate website where a user can download and install Google Chrome. But ...
- Ford denies it was hit by data breach, says customer data is safe
November 22, 2024
Ford has denied suffering a data breach frecently, saying the information circulating around the web belongs to a third party and is, for the most part, publicly available. A known leaker with the alias EnergyWeaponUser recently posted a new thread on BreachForums, claiming to be sharing Ford’s data for free. “Today, I have uploaded the Ford ...
- Andrew Tate ‘online university’ suffers breach: 800,000 users’ data exposed
November 22, 2024
Far-right influencer and self-described misogynist Andrew Tate has become the target of an anonymous hacktivist group. Sensitive data from hundreds of thousands of subscribers to Tate’s “online university” was stolen. On Thursday, hackers announced their breach of Tate’s “The Real World” website by flooding the private members’ chatroom with pro-feminist emojis and transgender pride flags, as ...
- Update now – Apple confirms vulnerabilities are already being exploited
November 20, 2024
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using ...
- Fintech giant Finastra confirms it’s investigating a data breach
November 20, 2024
Finastra, a London-based financial software company that serves most of the world’s top banks, has confirmed it’s investigating a data breach after a hacker claimed a compromise of the company’s internal file-transfer platform. In a statement given to TechCrunch, Finastra spokesperson Sofia Romano confirmed the fintech giant detected what it calls “suspicious activity” related to an ...