Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Grandoreiro, the global trojan with grandiose goals
October 22, 2024
Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions. It’s been active since at least 2016 and is now one of the most widespread banking trojans globally. INTERPOL and ...
- Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
October 22, 2024
Healthcare organizations are an increasingly attractive target for threat actors. In a new Microsoft Threat Intelligence report, US healthcare at risk: strengthening resiliency against ransomware attacks, our researchers identified that ransomware continues to be among the most common and impactful cyberthreats targeting organizations. The report offers a holistic view of the healthcare threat landscape with a ...
- Data storage in spotlight of Italian security committee after Intesa breach
October 22, 2024
Italy’s influential parliamentary committee on security will hold a round of hearings on data storage following a major breach at the country’s biggest bank Intesa Sanpaolo, people familiar with the matter told Reuters on Tuesday. Intesa Sanpaolo is under investigation by prosecutors in the southern Italian city of Bari after it emerged that the accounts of ...
- Hong Kong: ‘Lack of care led to sports association data breach’
October 22, 2024
The Office of the Privacy Commissioner for Personal Data (PCPD) on Tuesday accused the South China Athletic Association (SCAA) of having inadequate policies and a lack of care, after a data breach affecting more than 72,300 members. An attack by a hacker in March resulted in a breach of members’ personal information, including ID card numbers, ...
- Stealer here, stealer there, stealers everywhere!
October 21, 2024
Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked ...
- Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
October 21, 2024
Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at website snapshots from the past. It is often used ...