Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Chinese researchers break RSA encryption with a quantum computer
October 14, 2024
The research team, led by Wang Chao from Shanghai University, found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA. In a potentially alarming development for global cybersecurity, Chinese researchers have unveiled a method using D-Wave’s quantum annealing systems to crack classic encryption, potentially ...
- Pokémon hack exposes future games, beta designs and more
October 14, 2024
Pokémon developer Game Freak has confirmed its servers were hacked in August. The breach meant internal materials — from source codes to early and even scrapped character designs — were circulating on social media over the weekend. Leaked documents and images flooded Reddit and X after Centro Leaks began dumping it all on Saturday afternoon. It ...
- Over 77,000 customers’ personal information is exposed in Fidelity Investments data breach
October 12, 2024
Fidelity Investments reported in a filing with Maine’s attorney general that an unnamed third party accessed information from its systems using two recently established customer accounts. It did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers. The breach occurred between Aug. 17 and 19 ...
- Critical Veeam Backup & Replication Vulnerability Under Active Exploitation
October 11, 2024
Security researchers have reported CVE-2024-40711 is under active exploitation by ransomware groups. These groups are reportedly exploiting CVE-2024-40711 as a second stage exploit to create new local Administrator accounts to facilitate further objectives on compromised networks. Reports warn of exploitation attempts since shortly after official disclosure by Veeam. Enterprise backup and disaster recovery applications are valuable ...
- CoreWarrior Spreader Malware Surge
October 11, 2024
This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle The malware ...
- Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
October 11, 2024
Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of the investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...