New Cyberattack Campaign Uses Deceptive Websites to Spread NetSupport RAT Malware

A new cyberattack campaign is using deceptive websites to trick users into running malicious PowerShell scripts and infecting their machines with the NetSupport RAT malware. The DomainTools Investigations (DTI) team has identified multi-stage download PowerShell scripts hosted on bait sites posing as Gitcode and DocuSign. These scripts are designed to infect systems with the NetSupport RAT malware, allowing attackers to remotely control compromised machines.