📢 🚨 A new fake #CAPTCHA scam tricks users into infecting their own systems by abusing Microsoft’s signed tools. The campaign delivers Amatera Stealer and hides commands in Google Calendar and PNG images.

Read: https://hackread.com/fake-captcha-scam-microsoft-tools-amatera-stealer/

#Cybersecurity #AmateraStealer #Malware #Infosec #Windows

Researchers are tracking a new ClickFix campaign called EVALUSION, delivering Amatera Stealer and NetSupport RAT.

The chain begins with Run-dialog execution during fake CAPTCHA checks, followed by mshta.exe → PowerShell → PureCrypter → DLL injection into MSBuild.exe.

Amatera includes advanced evasion and broad data-harvesting features. NetSupport RAT is deployed only when valuable data is detected.
Related phishing activity involves XWorm, Cephas kits, SmartApeSG, and Tycoon 2FA.

Thoughts on this growing reliance on execution through supposedly “trusted” system tools?

💬 Share your perspective
👍 Follow us for more clear, unbiased threat reporting

#Infosec #CyberSecurity #ClickFix #AmateraStealer #NetSupportRAT #MalwareAnalysis #ThreatIntel #MaaS #PhishingKits #SecurityResearch

Neue EVALUSION‑ClickFix‑Kampagne:
Amatera‑Stealer und NetSupport‑RAT werden verbreitet

Cyber‑Security‑Forscher von eSentire haben eine EVALUSION genannte Malware‑Kampagne entdeckt, die das mittlerweile weit verbreitete ClickFix‑Social‑Engineering‑Muster nutzt, um den Amatera Stealer und das NetSupport RAT zu installieren.

Mehr: https://maniabel.work/archiv/265

#ClickFix #AmateraStealer #NetSupportRAT, infosec #infosecnews #BeDiS

⚠️ Another day, another scam exploiting Ukranian National Police - This time, hackers are sending phishing emails posing as Ukraine’s national police, using malicious SVG files to deploy #AmateraStealer and #PureMiner on Windows systems.

Read: https://hackread.com/fake-ukraine-police-notices-amatera-stealer-pureminer/

#CyberAttack #Phishing #Malware #CyberSecurity #Ukraine