SmartApeSG Campaign Leverages ClickFix Technique to Deploy NetSupport RAT

Source: Cyber Security News

The SmartApeSG campaign, also known as ZPHP or HANEY MANEY, has been evolving since it was first reported in June 2024. The campaign now uses ClickFix-style techniques, tricking users into verifying their identity through fake CAPTCHA pages. This approach makes the deception more convincing and the attacks harder for users to detect. It primarily targets individuals who visit compromised websites carrying hidden malicious scripts. When conditions align, these scripts display a fake verification box, which starts a sequence that installs the NetSupport RAT on the victim’s machine.

Once activated, the fake CAPTCHA page injects malicious commands into the user’s clipboard; these are executed via the mshta command, which pulls content from attacker-controlled servers. The NetSupport RAT provides complete remote access, allowing attackers to steal data and monitor user activity. The multi-stage technique, which uses JavaScript stored in a Temp directory, complicates detection and removal for average users. The SmartApeSG campaign’s dynamic nature, with its rapidly changing domains and infrastructure, underscores the need for continuous threat intelligence updates and user education on digital safety practices.
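Because the domains rotate quickly, the two behaviours described above (mshta fetching from a remote server, then JavaScript run from a Temp directory) are more durable detection points than domain lists. The following is an added example, not code from the original report: it checks constructed process-creation records for both stages. The record layout, host names, file paths, the placeholder domain and the choice of wscript.exe/cscript.exe as the script host are assumptions.

```python
import re

# Constructed process-creation records (fields shaped like Sysmon Event ID 1).
# Hosts, paths and the domain are placeholders, not indicators from the campaign.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta https://placeholder.example/verify"},
    {"host": "ws-01", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\a\AppData\Local\Temp\x1.js"'},
    {"host": "ws-02", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"host": "ws-03", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Scripts\logon.js"'},
]

REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)
# A .js file under any Temp directory, quoted or unquoted.
TEMP_JS = re.compile(r"\\temp\\[^\"]*\.js\b", re.IGNORECASE)
# Assumption: the report does not name the script host; these are the Windows defaults.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def classify(event):
    """Return the name of the rule the event matches, or None."""
    exe = event["image"].rsplit("\\", 1)[-1].lower()
    cmd = event["cmdline"]
    if exe == "mshta.exe" and REMOTE_URL.search(cmd):
        return "mshta_remote_fetch"
    if exe in SCRIPT_HOSTS and TEMP_JS.search(cmd):
        return "script_host_js_from_temp"
    return None

def detect(events):
    """Return (host, rule) pairs for every event that matches a rule."""
    return [(ev["host"], r) for ev in events if (r := classify(ev))]

def hosts_with_full_chain(events):
    """Hosts where both stages were observed, the strongest signal."""
    seen = {}
    for host, rule in detect(events):
        seen.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in seen.items() if len(rules) == 2)

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(host, rule)
    print("full chain:", hosts_with_full_chain(SAMPLE_EVENTS))
```

A host that matches only one rule still deserves a look; legitimate local HTA files and scripts outside Temp (ws-02 and ws-03 in the sample) are not flagged.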

👉 Read the original: Cyber Security News