Fake DocuSign and Gitcode sites are tricking victims into downloading malware


Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.

Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader PowerShell scripts” hosted on spoofed websites that invite visitors to open the Windows Run dialog and run a script that has been copied to their clipboard. “Upon doing so, the PowerShell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.

Source: TechRadar News

