Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mac users warned about new DigitStealer information stealer
November 19, 2025
This variant comes with advanced detection-evasion techniques and a multi-stage attack chain. Most infostealers go after the same types of data and use similar methods to get it, but DigitStealer is different enough to warrant attention. A few things make it stand out: platform-specific targeting, fileless operation, and anti-analysis techniques. Together, they pose relatively new challenges ...
- Understanding the future of offensive AI in cybersecurity
November 19, 2025
As we step into an era where artificial intelligence (AI) plays an increasingly significant role in cybersecurity, discussions surrounding its offensive capabilities are becoming more prominent. A recent report by Anthropic—a leading AI research lab—has sparked the latest conversation on this topic, with questions raised about their claim that an AI-assisted attack they observed was ...
- Dutch government is relinquishing control of Chinese-owned chipmaker Nexperia
November 19, 2025
The Dutch government said it’s relinquishing control of Chinese-owned chipmaker Nexperia, easing a standoff between China and the Netherlands that threatened supplies of semiconductors vital for global auto manufacturing. Economics Affairs Minister Vincent Karremans said Wednesday that he was suspending an earlier order to take control of Nexperia under a rarely invoked law. Read more… Source: ABC News Sign ...
- Myanmar: Authorities arrest nearly 350 in raids targeting illegal gambling and online scam centres on Thai border
November 19, 2025
On the morning of 18 November, security forces together with departmental teams conducted an operation in the Shwe Kokko area, located to the north of Myawady. First, they cleared three buildings that had been constructed without official permission. During the operation, 346 foreign nationals currently under scrutiny were arrested. Nearly ten thousand mobile phones used in ...
- Tens of thousands more ASUS routers pwned by suspected, evolving China operation
November 19, 2025
Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard’s STRIKE team. Dubbed “Operation WrtHug”, the campaign exclusively targets end-of-life ASUS WRT routers, exploiting multiple known vulnerabilities – some dating back to 2023. The affected routers are primarily concentrated in ...
- IT threat evolution in Q3 2025. Mobile statistics
November 19, 2025
According to Kaspersky Security Network, in Q3 2025, 47 million attacks utilizing malware, adware, or unwanted mobile software were prevented. Trojans were the most widespread threat among mobile malware, encountered by 15.78% of all attacked users of Kaspersky solutions. More than 197,000 malicious installation packages were discovered, including, 52,723 associated with mobile banking Trojans,1564 packages identified ...