Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Operation Giant Financial Storm Under Circuit Breaker Orders
August 2, 2024
Since 2022, the BerBeroka group has been mentioned in every annual report released by the QiAnXin Threat Intelligence Center. The group was disclosed by QiAnXin friendly company Trend Micro. QiAnXin researchers have continued to track it under this name after merging internal groups. In fact, BerBeroka is the same as group such as DRBControl and TAG33 . ...
- Israeli hacker group takes responsibility for reported collapse of Wi-Fi in Iran
August 2, 2024
The Israeli hacker group, “We Red Evils Original”, took responsibility for reported WiFi outages in Iran, according to Israeli media on Thursday night. Shortly before reports in Iran, the group posted a message on their Telegram saying, ‘In the coming minutes, we will attack internet systems and providers in Iran. A severe blow is on the ...
- Fighting Ursa Luring Targets With Car for Sale
August 2, 2024
A Russian threat actor Palo Alto Unit 42 track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an ...
- How “professional” ransomware variants boost cybercrime groups
August 1, 2024
Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set ...
- Report finds Apple devices fare the worst when it comes to full takeover risks
August 1, 2024
A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found. Environments were tested in simulated attacks, with the average organization managing to defend against 7 out of 10 attacks, but considering the constant threat presented by organized cybercrime groups, this leaves a serious margin for potential ...
- Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
August 1, 2024
Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware. Specifically, the activity abuses the TryCloudflare feature that allows an attacker to create a one-time tunnel without creating an account. Tunnels are a way to remotely access data and resources that are not on the local network, like using a virtual ...