Actors threatened observed more commonly Technique Clickfix to deliver the specified Trojan remote access Netsupport Rat Since the beginning of January 2025.
Netsupport rat is usually a team.
Initially known as the Netsupport Manager, it has been developed as a legitimate IT -Dion Program support program, but since then, angry actors have been transformed for targeted organizations and seizing secret information, including screenshots, audio, video and files.
“Clickfix is a technique used by the threat to the introduction of a fake web page on the CAPTCHA on compromised sites, entrusting users to follow certain steps to copy and execute malicious Powershell commands on their hosts – Note In the analysis.
In the chains of the attacks determined by the cybersecurity company, the PowerShell team is used to download and execute the Netsupport client from the remote server, which places malicious components in the form of PNG image files.
Development comes when Clickfix approach is also used spread The updated version of Lumma Stealr’s malicious software that uses Chacha20 to decipher a configuration file containing a list of team servers and control (C2).
“These changes give an idea of the elimination tactics used by developers who are actively working on the treatment of extraction and analysis tools,” – Esentire – noted.
