Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Crooks bank on Microsoft’s search engine to phish customers
November 4, 2024
Malwarebytes Labs researchers identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. A Bing search query for ‘Keybank login’ currently returns malicious links on the first page, and sometimes as the top search result. Malwarebytes Labs has reported the fraudulent sites to Microsoft already. While Microsoft’s Bing only has ...
- GoZone Ransomware Adopts Coercive Tactics to Extract Payment
November 4, 2024
This week, the SonicWall Capture Labs threat research team analyzed a ransomware that not only encrypts files but also accuses the victim of harboring explicit content on their computer and then threatens to turn it over to authorities if ransom is not paid. Extortion attacks often come as unsolicited emails, and GoZone has stooped to pretending ...
- New Trend in MSI File Abuse: New OceanLotus Group First to Use MST Files to Deliver Tromas
November 4, 2024
During recent daily operations, the QiAnXin Threat Intelligence Center discovered that the new OceanLotus group, which we have been continuously tracking since mid-2022, has begun to re-activate and is using a new tactic of MSI file misuse. Even though the MSI TRANSFORMS technique was theoretically disclosed in 2022, this is the first time that QiAnXin researchers have ...
- Stealc Malware Checks Everything – Even the Screen Resolution
November 4, 2024
This week, the SonicWall Capture Labs threat research team reviewed a sample of Stealc malware. This is an infostealer that digs through a victim’s system to extract credentials from browsers, cryptocurrency wallets and fileshare servers. Processes are monitored, as well as keystrokes, active windows and mouse clicks. It will also disable security applications and change network ...
- Telematics giant Microlise suffers cyber attack
November 1, 2024
Telematics giant Microlise suffers cyber attack By Gareth Roberts | 1 November 2024 Connected vehicles Microlise has suffered a cyber attack, with a large proportion of the company’s services affected, leaving fleets without some tracking services. The Microlise board says it has appointed external cyber security specialists whose investigations are underway to establish the nature and ...
- CVE-2024-9379: Ivanti Cloud Service Appliance Authenticated SQL Injection
November 1, 2024
The SonicWall Capture Labs threat research team became aware of an authenticated SQL injection vulnerability affecting Ivanti Cloud Service Appliances (CSA). Identified as CVE-2024-9379 and with a moderate score of 6.5 CVSSv3, the vulnerability is more severe than it initially appears due to reported exploitation attempts. Recently, in its October security update, Ivanti announced, “We are ...