Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- T-Mobile Targeted in Chinese Cyber-Espionage
November 16, 2024
Chinese hackers feasted on T-Mobile as their latest cyber espionage victim. The leading carrier in the US is not the only company affected as other telecom giants are at risk of getting infiltrated. Hackers linked to a Chinese intelligence agency invaded T-Mobile’s network in a months-long operation designed to monitor cellphone communications of high-value intelligence targets, ...
- Schneider Electric Data Breach Leaks Critical Data, Hellcat Ransomware Group Demands Hefty Ransom in Baguettes
November 15, 2024
French digital automation and energy management giant Schneider Electric is investigating a data breach after a hacker claimed they stole dozens of gigabytes and demanded a hefty ransom in Baguettes, a classic popular French bread item. Schneider Electric manufactures various energy management and automation products, from home electrical components to industrial control systems. The Rueil-Malmaison, France-based ...
- Сrimeware and financial cyberthreats in 2025
November 14, 2024
Kaspersky’s Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. Kaspersky researchers also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware families that are financially motivated. These observations, as part of our Kaspersky Security ...
- Ivanti Releases Security Updates for Multiple Products
November 14, 2024
Ivanti has released the following three security advisories addressing vulnerabilities in multiple products. Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and schedule updates for enterprise mobile devices. Successful exploitation of five of the vulnerabilities could lead to ...
- Microsoft Releases November 2024 Security Updates
November 13, 2024
Microsoft has released security updates to address 89 vulnerabilities in Microsoft products. The security updates include four critical vulnerabilities, two vulnerabilities that are under zero-day exploitation, and four vulnerabilities that are publicly disclosed. Vulnerability details CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability CVE-2024-43451 is an ‘external control of file name or path’ vulnerability in Windows and Windows ...
- Threats in space (or rather, on Earth): Internet-exposed GNSS receivers
November 13, 2024
Global Navigation Satellite Systems (GNSS) are collections, or constellations of satellite positioning systems. There are several GNSSs launched by different countries currently in operation: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India) and Quazi-Zenith Satellite System (QZSS, Japan). These systems are used for positioning, navigation ...