How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme

Published 05/06/2025 21:19 · Modified 05/06/2025 22:00

Essential information

Tags
2025-06-05, captcha, clipboard poisoning, gitcodes, netsupport rat, social engineering
Related entities
72 observables, 11 techniques (mitre), 1 malware

Description

A malicious campaign exploits user trust through deceptive websites, including spoofed and fake Docusign verification pages. Victims are tricked into running malicious PowerShell scripts on their Windows machines, leading to the installation of . The multi-stage attack uses and fake CAPTCHAs to deliver the malware. The campaign involves multiple domains, uses ROT13 encoding, and creates persistent infections. Similar techniques were observed in other spoofed content, including Okta and popular media apps. The attack capitalizes on user familiarity with common online interactions, emphasizing the need for vigilance and skepticism in online activities.

External references