A new cyber campaign uses fake websites to trick users into executing malicious PowerShell scripts, leading to the installation of NetSupport RAT malware. Threat actors employ multi-stage downloader scripts and social engineering tactics to evade detection and ensure persistence. #NetSupportRAT #SocGholish
Key points
- The campaign uses counterfeit websites pretending to be Gitcode and Docusign to deliver malware.
- Malicious PowerShell scripts are disguised as legitimate applications and delivered via social engineering.
- Attackers combine CAPTCHA puzzles with clipboard poisoning to trick users into executing the malicious scripts.
- The multi-stage downloader technique helps evade detection and ensures malware persistence.
- Similar tactics have been linked to known groups like FIN7, Scarlet Goldfinch, and Storm-0408.
Read More: https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html