Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Financial Cyberthreats in 2020
March 31, 2021
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of ...
- APT Charming Kitten Pounces on Medical Researchers
March 31, 2021
Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign—dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel–aimed ...
- Department of Homeland Security email accounts exposed in SolarWinds hack
March 30, 2021
Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. SolarWinds, the central point of entry, was compromised by threat actors in December who were able to plant a malicious Orion ...
- New survey report released: The state of industrial cybersecurity (Part 1)
March 29, 2021
The cybersecurity has been the word not only in IT world, but also in ICS/OT world. The Stuxnet targeting SCADA systems were uncovered as first ICS malware to damage nuclear plants in 2010. The Wannacry became worldwide famous ransom worm which spread on hundreds of thousands of vulnerable computers and encrypt their data in 2017. ...
- PHP Infiltrated with Backdoor Malware
March 29, 2021
The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It can be embedded into HTML. The commits were pushed ...
- Harris Federation hit by ransomware attack affecting 50 schools
March 29, 2021
The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday. Harris Federation is an education charity running 50 Harris primary and secondary academies with 37,000 students from London and surrounding areas. The attack hit the school trust’s systems over the weekend on Saturday, March 27, ...