Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach
October 23, 2020
COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputinik V” COVID-19 vaccine, which is about to enter Phase 2 human trials. The Drug Control General of India (DCGI) gave the ...
- US Treasury sanctions Russian research institute behind Triton malware
October 23, 2020
The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment. Sanctions were levied today against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM). A FireEye report ...
- Wireshark Tutorial: Examining Dridex Infection Traffic
October 23, 2020
This tutorial is designed for security professionals who investigate suspicious network activity and review network packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Dridex is the name for a family of information-stealing malware that has also been described as a banking Trojan. This malware first appeared ...
- Nvidia tackles code execution flaws, data leaks in GeForce Experience
October 23, 2020
Nvidia has resolved a trio of vulnerabilities impacting the GeForce Experience suite. GeForce Experience is software designed by Nvidia with games and live streamers in mind, including driver update management, driver optimization for gaming and graphics cards, and both video & audio capture. On October 22, Nvidia said the firm’s latest security update tackles issues found in ...
- Phishing Attack Targets Office 365 Users
October 22, 2020
Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic – making it an attractive brand for attackers to ...
- On the trail of the XMRig miner
October 22, 2020
As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig. How it all began: ransominer Alongside well-known groups that make money from data theft and ransomware (for example, Maze, ...