Summary: Threat actors are utilizing the ClickFix technique to deploy the NetSupport RAT malware, which allows for extensive control over victims’ devices. This malware, originally intended for legitimate IT support, has been exploited to capture sensitive information and execute malicious commands. The ClickFix method also overlaps with the dissemination of the Lumma Stealer malware, highlighting ongoing trends in cyber threats.
Affected: Organizations using IT support services, individuals visiting compromised websites
Keypoints :
- NetSupport RAT delivers full control over compromised devices, enabling real-time monitoring and file manipulation.
- The ClickFix technique injects fake CAPTCHA pages to trick users into executing harmful PowerShell commands.
- Current developments include the use of PNG files to host malicious components, alongside updates to the Lumma Stealer malware for evading detection.
Source: https://thehackernews.com/2025/02/threat-actors-exploit-clickfix-to.html