How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme
Essential information
- Published: 05/06/2025 21:19
- Modified: 05/06/2025 22:00
- Tags: 2025-06-05, captcha, clipboard poisoning, gitcodes, netsupport rat, social engineering
- Related entities: 72 observables, 11 techniques (mitre), 1 malware
Description
A malicious campaign exploits user trust through deceptive websites, including spoofed Gitcodes and fake Docusign verification pages. Victims are tricked into running malicious PowerShell scripts on their Windows machines, leading to the installation of NetSupport RAT. The multi-stage attack uses clipboard poisoning and fake CAPTCHAs to deliver the malware. The campaign involves multiple domains, uses ROT13 encoding, and creates persistent infections. Similar techniques were observed in other spoofed content, including Okta and popular media apps. The attack capitalizes on users' familiarity with common online interactions, which underscores the need for vigilance and skepticism in online activities.