A new malware campaign using fake DocuSign verification pages infects users with NetSupport RAT by deception and clipboard poisoning. The attack employs spoofed websites and multi-step scripts to bypass security measures and establish remote access. #NetSupportRAT #DocuSignSpoof #ClipboardPoisoning #CyberAttack
Keypoints
- The campaign uses fake DocuSign sites to trick users into executing malicious scripts.
- Clipboard poisoning involves copying malicious PowerShell scripts to the userβs clipboard for execution.
- Multiple stages of script chaining are used to download second-stage payloads and establish persistence.
- The attack infrastructure includes domains mimicking well-known platforms like Netflix and Spotify.
- Security advice emphasizes verifying URLs, SSL certificates, and exercising caution when prompted to run scripts.
Read More: https://www.infosecurity-magazine.com/news/fake-docusign-pages-deliver-rat/