Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method.
Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the powershell script downloads another downloader script and executes on the system, which in turn retrieves additional payloads and executes them eventually installing NetSupport RAT on the infected machines,” the researchers said in their report.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- MonitorMinor: vicious stalkerware?
March 16, 2020
What is the usual functionality of stalkerware? The most basic thing is to transmit the victim’s current geolocation. There are many such “stalkers”, since various special web resources are used to display coordinates, and they only contain a few lines of code. Often, their creators use geofencing technology, whereby a notification about the victim’s movements is ...
- Analysis: Abuse of .NET features for compiling malicious programs
March 12, 2020
The .NET framework, a software development framework created by Microsoft and is now a built-in component of Windows, includes components that enable developers to compile and execute C# source code during runtime. This allows programs to update or load modules without having to restart. While the .NET framework is originally intended to help software engineers, cybercriminals ...
- Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
March 11, 2020
Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat puts it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE). Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set off some alarms. This blog entry seeks to put the ...
- Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
March 11, 2020
Trend Micro recently discovered a new campaign that we dubbed “Operation Overtrap” for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on our telemetry, Operation Overtrap has been active since April 2019 ...
- Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
March 11, 2020
Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017. The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week. The bug can be found in ...
- Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks
March 11, 2020
According to new research published today, modern RAM cards are still vulnerable to Rowhammer attacks despite extensive mitigations that have been deployed by manufacturers over the past six years. These mitigations, collectively referred to as Target Row Refresh (TRR), are a combination of software and hardware fixes that have been slowly added to the design of ...