Hackers Weaponize ClickFix CAPTCHA Scam to Unleash Powerful Remote Control Malware

Cybercriminals Leverage ClickFix Technique to Deploy NetSupport RAT

Security researchers have identified a new cyber threat campaign that has been using the ClickFix technique to distribute NetSupport RAT since January 2025. Originally designed as a legitimate remote IT support tool, NetSupport RAT has been weaponized by threat actors to gain unauthorized access to victims’ systems.

The malware deployment process begins with compromised websites displaying fake CAPTCHA pages that trick users into executing malicious PowerShell commands. These commands download and install the NetSupport RAT client, disguised as PNG image files, from remote servers.
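
A defender-side check for the disguise described above, as an added example that is not part of the original article: it sweeps a directory for files named `*.png` whose leading bytes are not the PNG signature. The MZ and ZIP magic values and the sample file names are assumptions chosen for illustration; the article does not say what format the disguised files actually have.

```python
import os
import tempfile

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte header of every valid PNG
KNOWN_MAGIC = {b"MZ": "Windows PE executable", b"PK\x03\x04": "ZIP archive"}  # assumed, not exhaustive

def classify_header(header: bytes) -> str:
    """Name the content type suggested by a file's first bytes."""
    if header.startswith(PNG_SIGNATURE):
        return "png"
    for magic, name in KNOWN_MAGIC.items():
        if header.startswith(magic):
            return name
    return "unknown (not PNG)"

def find_fake_pngs(root: str) -> list[tuple[str, str]]:
    """Return (path, detected_type) for every *.png under root that is not a PNG."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".png"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable or locked file: skip, do not abort the sweep
            kind = classify_header(header)
            if kind != "png":
                findings.append((path, kind))
    return findings

def demo() -> list[tuple[str, str]]:
    """Write constructed sample files to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "logo.png": PNG_SIGNATURE + b"\x00\x00\x00\rIHDR",  # constructed: genuine PNG header
            "update.png": b"MZ\x90\x00" + b"\x00" * 60,          # constructed: PE header bytes
            "bundle.PNG": b"PK\x03\x04" + b"\x00" * 26,          # constructed: ZIP header bytes
        }
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_fake_pngs(tmp)]

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: extension says PNG, content is {kind}")
```

Pointed at user-writable locations such as download and temp folders, `find_fake_pngs` gives responders a quick list of files whose extension and content disagree.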

Once installed, NetSupport RAT provides attackers with comprehensive control over infected systems, enabling:
– Real-time screen monitoring
– Keyboard and mouse control
– File transfer capabilities
– Remote command execution
– Capture of sensitive data (screenshots, audio, video)

Security firm eSentire reports that the ClickFix technique is also being employed to distribute an updated version of Lumma Stealer malware, which now implements ChaCha20 encryption for C2 server communication. This development shows how threat actors keep evolving their evasion tactics to bypass security measures.