Files

osint-articles
- 2025-01-02 Hackers Hijack 35 Google Chrome Extensions in Phishing Campaign
- 2025-01-03 Malicious Obfuscated npm Package Deploys Quasar RAT
- 2025-01-06 Beware Fake Game Sites Steal Your Information
- 2025-01-07 Eagerbee Backdoor Targets Middle Eastern Government and ISPs
- 2025-01-07 FireScam Android Malware Poses as Telegram Premium to Steal Data
- 2025-01-09 Neglected Domains Fuel Malspam to Bypass Email Security Measures
- 2025-01-09 Researchers Expose NonEuclid RAT's Advanced Evasion Techniques
- 2025-01-10 CrowdStrike Job Offers Used to Deploy Crypto Miners
- 2025-01-10 Stealer Evades Detection with Apple XProtect Encryption
- 2025-01-10 Stealer Masquerades as LDAPNightmare PoC Exploit
- 2025-01-13 AI-Driven Ransomware FunkSec Targets 85 Victims with Double Extortion
- 2025-01-14 WordPress Skimmers Evade Detection by Injecting Malicious Code into Database Tables
- 2025-01-15 Hackers Use FastHTTP for High-Speed Microsoft 365 Password Attacks
- 2025-01-16 Hackers Exploit Google Search Ads to Hijack Google Ads Accounts
- 2025-01-17 Python-Based Malware Powers RansomHub's Exploitation of Network Flaws
- 2025-01-17 Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
- 2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers
- 2025-01-20 New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts
- 2025-01-21 DoNot Team Linked to New Tanzeem Android Malware for Intelligence Collection
- 2025-01-22 PNGPlug Loader Delivers ValleyRAT Malware to Chinese-Speaking Regions
- 2025-01-22 Ransomware Gangs Pose as IT Support in Microsoft Teams Phishing Attacks
- 2025-01-24 Cybercrime Connections Shared Codebase Links Morpheus and HellCat Ransomware
- 2025-01-24 Juniper VPN Gateways Under Siege The Stealthy Rise of Magic Packet Malware
- 2025-01-24 QakBot-Linked BC Malware Evolves with Enhanced Remote Access and Data Gathering
- 2025-01-27 Hacker Turns Tables on 18,000 Script Kiddies with Deceptive Malware Builder
- 2025-01-27 Hackers Exploit Windows RID Hijacking for Stealthy Admin Account Creation
- 2025-01-29 PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
- 2025-01-30 New Aquabotv3 Botnet Malware Targets Mitel Command Injection Vulnerability
- 2025-02-03 Crazy Evil Gang Exploits Crypto with Advanced Social Engineering and Malware
- 2025-02-03 Malvertising Scam Exploits Google Ads to Hijack Advertiser Accounts
- 2025-02-04 DeepSeek AI Tools Impersonated by Infostealer Malware on PyPI
- 2025-02-05 Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
- 2025-02-05 North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
- 2025-02-05 macOS Infostealers Exploiting macOS Environments
- 2025-02-06 Crypto-Stealing Apps Surface in Apple's App Store for the First Time
- 2025-02-06 Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials
- 2025-02-06 Sophos Warns of Novel SVG Phishing Tactics Bypassing Security Measures
- 2025-02-07 Fake Google Chrome Sites Spreading ValleyRAT Malware Through DLL Hijacking
- 2025-02-07 Kimsuky Hackers Deploy New Custom RDP Wrapper for Remote Access Exploits
- 2025-02-07 Microsoft Warns Exposed ASP.NET Keys Used for Malware Deployment
- 2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT
  - endpoint-iocs.txt
  - iocs.txt
  - network-iocs.txt
  - readme.md
- 2025-02-13 BadPilot Network Hacking Fuels Russian Sandworm's Global Cyber Attacks
- 2025-02-14 FINALDRAFT Malware Exploits Microsoft Graph API for Espionage
- 2025-02-14 Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
- 2025-02-17 Microsoft Hackers Steal Emails Using Device Code Phishing Attacks
- 2025-02-18 New Golang-Based Backdoor Leverages Telegram for Evasive C2 Operations
- 2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
- 2025-02-20 Invisible Unicode Used in Phishing Trick
- 2025-02-20 Russian Phishing Campaigns Exploit Signal’s Device-Linking Feature
- 2025-02-25 New Malware Campaign Spreading via Cracked Software
- 2025-02-26 Auto-Color Linux Backdoor Targets North American Governments and Universities
- 2025-02-26 GitVenom Malware Campaign Hijacks GitHub Repos to Steal Cryptocurrency
- 2025-02-27 VSCode Extensions with 9 Million Installs Removed Due to Hidden Security Threats
- 2025-02-28 PayPal’s No-Code Checkout Exploited by Scammers in Sophisticated Ad Fraud Scheme
- 2025-03-04 Hackers Leverage AWS Misconfigurations for Phishing via SES and WorkMail
- 2025-03-04 New ClickFix Phishing Attack Unleashes Havoc C2 via Microsoft SharePoint
- 2025-03-05 New Polyglot Malware Targets Aviation and Satellite Firms in UAE
- 2025-03-06 Seven Malicious Go Packages Caught Deploying Malware on Linux and macOS Systems
- 2025-03-07 Akira Ransomware Exploits Unsecured Webcam to Encrypt Network and Evade EDR
- 2025-03-07 Malvertising Campaign Infected Nearly 1 Million PCs Worldwide
- 2025-03-10 Microsoft Warns of North Korean Hackers Using Qilin Ransomware in Cyberattacks
- 2025-03-11 Desert Dexter Malware Campaign Infects 900+ Victims via Facebook Ads and Telegram Links
- 2025-03-12 North Korean Lazarus Hackers Target Developers with Malicious npm Packages
- 2025-03-12 AI-Powered Fake GitHub Repos Distribute SmartLoader and Lumma Stealer Malware
- 2025-03-13 CISA Warns of Medusa Ransomware Targeting Over 300 Critical Infrastructure Organizations
- 2025-03-13 North Korean Android Spyware 'KoSpy' Sneaks Onto Google Play in Covert Campaign
- 2025-03-13 The Dark Side of Sports Betting Mirror Sites Fueling Gambling Scams
- 2025-03-14 ClickFix Phishing Campaign Targets Hospitality Sector with Fake Booking.com Emails
- 2025-03-14 Obscure#Bat Malware Campaign Deploys Rootkit via Fake CAPTCHA Pages
- 2025-03-14 SuperBlack Ransomware Exploits Fortinet Auth Bypass Flaws in Targeted Attacks
- 2025-03-17 Black Basta Ransomware Unleashes Automated VPN Brute-Forcing Tool 'BRUTED'
- 2025-03-18 New StilachiRAT Malware Targets Crypto Wallets and System Reconnaissance
- 2025-03-19 Unpatched Windows Zero-Day Fuels State-Sponsored Cyber Espionage Since 2017
- 2025-03-20 DollyWay Malware Campaign Compromises Over 20,000 WordPress Sites
- 2025-03-20 Dragon RaaS Pro-Russian Hacktivists Leverage Five Families Legacy in Cybercrime Push
- 2025-03-24 Medusa Ransomware Deploys Malicious ABYSSWORKER Driver to Neutralize Anti-Malware Defenses
- 2025-03-31 Crocodilus Malware Targets Android Users’ Crypto Wallets with Deceptive Overlays
- 2025-03-31 Morphing Meerkat PhaaS Leverages DNS-over-HTTPS to Slip Past Security Defenses
- 2025-04-01 North Korean Lazarus Group Deploys ClickFix Attacks to Target Crypto Industry
- 2025-04-02 Over 1,500 PostgreSQL Servers Hijacked in Stealthy Fileless Crypto Mining Campaign
- 2025-04-02 QR Code Phishing Surge Attackers Innovate with Redirects and Turnstile Evasion
- 2025-04-04 Hunters International Rebrands as World Leaks and Pivots to Pure Data Extortion
- 2025-04-04 Microsoft Flags Tax-Themed Phishing Surge Using PDFs and QR Codes to Deploy Malwar
- 2025-04-08 EncryptHub’s Double Game Cybercrime Turned Windows Bug Bounty Hunter
- 2025-04-08 Malicious VSCode Extensions Sneak Cryptominers onto Windows Systems
- 2025-04-11 AkiraBot’s AI-Powered Spam Campaign Hits 420,000 Websites with CAPTCHA-Evading Tactics
- 2025-04-11 Malicious npm Package Targets Crypto Wallets with Persistent Clipper Malware
- 2025-04-11 Russian Gamaredon Hackers Target Western Military Mission with Malicious USB Drives
- 2025-04-11 U.S. Toll Road Smishing Scams A Growing Threat to Drivers Nationwide
- 2025-04-15 BPFDoor’s Hidden Controller Fuels Stealthy Cyberespionage Across Asia and the Middle East
- 2025-04-15 ResolverRAT Malware Targets Global Pharma and Healthcare with Stealthy Phishing Attacks
- 2025-04-15 Slow Pisces Deploys Custom Python Malware in Coding Challenge Scam Targeting Crypto Developers
- 2025-04-18 57 Chrome Extensions with 6 Million Installs Caught with Hidden Tracking Code
- 2025-04-18 State-Sponsored Hackers from Iran, North Korea, and Russia Leverage ClickFix for Targeted Malware Attacks
- 2025-04-18 Windows NTLM Hash Leak Vulnerability Exploited in Phishing Attacks Targeting Governments
- 2025-04-21 Interlock Ransomware Gang Deploys ClickFix Attacks with Fake IT Tools to Breach Networks
- 2025-04-21 SuperCard X Android Malware Exploits NFC Relay Attacks for Payment Fraud
- template
threat-hunting-scripts
.gitignore
README.md

2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

added Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

Feb 12, 2025

936ff7e · Feb 12, 2025

Name	Name	Last commit message	Last commit date
parent directory ..
endpoint-iocs.txt	endpoint-iocs.txt	added Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT	Feb 12, 2025
iocs.txt	iocs.txt	added Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT	Feb 12, 2025
network-iocs.txt	network-iocs.txt	added Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT	Feb 12, 2025
readme.md	readme.md	added Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT	Feb 12, 2025

readme.md

Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

Cyber attackers are abusing the ClickFix method to distribute NetSupport RAT by tricking users with fake CAPTCHA pages into executing PowerShell commands. This malware gives attackers full control over compromised systems, highlighting the need for vigilance against deceptive browser prompts.

Key takeaways:

⚠️ Exploitation Method: Threat actors use ClickFix, a social engineering tactic, to deploy NetSupport RAT.

🔗 Fake CAPTCHA: Malicious websites masquerade as CAPTCHA checks to execute harmful PowerShell scripts.

🖥️ Malware Capabilities: NetSupport RAT allows attackers to remotely control devices, including screen monitoring and file manipulation.

🔍 Prevalence: Over 6,000 WordPress sites have been compromised in recent ClickFix campaigns.

🛡️ Security Advice: Users should be cautious of unexpected browser updates or CAPTCHA prompts and ensure they're on legitimate sites.

🔗 https://buff.ly/3WYwkqq

Package Content

iocs.txt: List of all Indicators of Compromise (IOCs) in the article.
endpoint-iocs.txt: List of endpoint IOCs in the article.
network-iocs.txt: List of network IOCs in the article.

Note

Use the following scripts in threat-hunting-scripts to help you hunt:

verify-iocs-vt.py: Verify IOCs using VirusTotal Community API.
iocs-to-cs.py: Upload IOCs to CrowdStrike Falcon IOC Management for detection and blocking.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

readme.md

Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

Package Content

Files

2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

Directory actions

More options

Directory actions

More options

Latest commit

History

2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

Folders and files

parent directory

readme.md

Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT

Package Content