Beware Bogus DocuSign: Sneaky RAT Attack Hijacks Your Clipboard!

A spoofed DocuSign page is turning users into unwitting tech support for hackers, unleashing NetSupport RAT. The malware campaign uses fake CAPTCHA screens to trick users into clipboard chaos and script pasting mayhem. A comedy of errors, but with malware. Stay skeptical, and remember: if a CAPTCHA wants to run scripts, it’s a trap!

3P
Published: June 3, 2025 1:29 pmAdded: June 3, 2025 at 7:01 amAssembled by: The Editor
Pro Dashboard

Hot Take:

In a world where signing documents digitally is supposed to make life easier, it turns out the only signature you might be providing is on a VIP guest list for malware. Who knew that signing up for a DocuSign could invite a RAT to your party? Grab your digital cheese traps, folks, because it’s getting rodent-y in here!

Key Points:

  • Malware campaign uses fake DocuSign sites to distribute NetSupport RAT.
  • Involves clipboard manipulation and PowerShell scripts for infection.
  • Multiple spoofed domains, including Netflix and Spotify, aid the campaign.
  • Campaign exploits known tools like NetSupport Manager for attacks.
  • User vigilance and skepticism are the best defenses against such attacks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?