Cyber-attackers Use ClickFix to Deploy NetSupport RAT
ClickFix is a technique used by threat actors to inject a fake CAPTCHA webpage on compromised websites. It tricks users into executing malicious PowerShell commands on their host to download and run malware payloads.
A remote access trojan named NetSupport RAT which is propelled via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download files, and launch and execute malicious commands.
Since early January 2025, hackers have been employing the ClickFix technique to download and execute the NetSupport RAT client from a remote server that hosts the malicious components in the form of PNG image files and propagate their cyber-attack. Read more about this story on our LinkedIn page
A remote access trojan named NetSupport RAT which is propelled via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download files, and launch and execute malicious commands.
Since early January 2025, hackers have been employing the ClickFix technique to download and execute the NetSupport RAT client from a remote server that hosts the malicious components in the form of PNG image files and propagate their cyber-attack. Read more about this story on our LinkedIn page