Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Security company ADT announces security breach of customer data
August 9, 2024
Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” ADT filed the 8-K on August 7, adding that the incident happened “recently,” but refraining from providing an exact date. The company ...
- UK police commissioner threatens to extradite, jail US citizens over online posts
August 9, 2024
London’s Metropolitan Police chief warned that officials will not only be cracking down on British citizens for commentary on the riots in the U.K., but on American citizens as well. “We will throw the full force of the law at people. And whether you’re in this country committing crimes on the streets or committing crimes from ...
- JG Summit Holdings probing ‘possible’ cyber attack
August 9, 2024
Gokongwei-led conglomerate JG Summit Holdings Inc. is investigating an alleged cybersecurity attack which was claimed to have affected thousands of the company’s computers. RansomHub, which was supposedly responsible for the attack, expressed frustration over being ignored by JG Summit and was threatening to initiate additional attacks if its demands were not met, according to Deep Web ...
- Royal Ransomware Actors Rebrand as “BlackSuit”
August 8, 2024
The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal). FBI investigations identified these TTPs and IOCs as recently as July 2024. See ...
- UK: Woman arrested for ‘sharing inaccurate information about identity of Southport attacker’
August 8, 2024
A woman has been arrested in relation to a social media post containing ‘inaccurate information about the identity of the attacker’ in the Southport stabbings. The 55-year-old woman from near Chester, was arrested on Thursday (August 8). She was taken into custody on suspicion of publishing written material to stir up racial hatred and false communications. ...
- Russia: Massive DDoS attack on Kursk Region repelled
August 8, 2024
The Ministry of Digital Development, Communications and Mass Media of the Russian Federation has reported that a massive distributed denial-of-service (DDoS) attack on the Kursk Region’s local services has been successfully thwarted. “A massive DDoS attack on the regional services of the Kursk Region has been repelled and specialists have already restored all online activity,” the ...