Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hacker warns victims after leaking 6.8 billion emails online
February 12, 2026
A hacker claims to have obtained, and leaked, 6.8 billion unique email addresses – and although the claims are unverified at this time, initial reports indicate at least half of those emails are real. Researchers at Cybernews recently found a new post on a popular data leak forum created by a hacker with the alias Adkka72424 ...
- ISA warns of increasing cyber attacks against Israeli officials
February 11, 2026
The ISA and the National Cyber Directorate announced on Wednesday that they thwarted hundreds of cyberattack attempts over the past year carried out by Iranian intelligence operatives. According to the agencies, the attacks targeted senior government and defense officials, academics, journalists, and employees in the defense industry. A joint statement said a marked escalation in hostile ...
- RenEngine: When “free” comes at too high a price
February 11, 2026
Kaspersky researchers often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discovery of a mass campaign distributing pirated games infected with a previously unknown ...
- Patch Tuesday – February 2026
February 11, 2026
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and notes public disclosure for three of those. Earlier in the month, All three of the publicly disclosed zero-day vulnerabilities published today are security feature bypasses, and Microsoft acknowledges the same cast of ...
- Spam and phishing in 2025
February 11, 2026
In 2025, online streaming services remained a primary theme for phishing sites within the entertainment sector, typically by offering early access to major premieres ahead of their official release dates. Alongside these, there was a notable increase in phishing pages mimicking ticket aggregation platforms for live events. Cybercriminals lured users with offers of free tickets to ...
- Beyond the Battlefield: Threats to the Defense Industrial Base
February 10, 2026
In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by state-sponsored actors and criminal groups alike. In recent years, Google Threat Intelligence Group (GTIG) ...