SmartApeSG: The Rise of the Fake CAPTCHA RAT Attack (And How to Avoid It!)

SmartApeSG, also known as ZPHP or HANEYMANEY, is a campaign that uses fake CAPTCHA pages to unleash NetSupport RAT infections. Clicking “verify you are human” injects malicious content into your clipboard, like a sneaky ninja hiding in plain sight. Remember, if it looks too CAPTCHA to be true, it probably is!

1P
Published: November 12, 2025 9:59 pmAdded: November 12, 2025 at 2:11 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

SmartApeSG is at it again, proving that CAPTCHA isn’t just a test for humans but also a gateway for malware. Who knew that verifying your humanity could lead to your computer’s downfall? This campaign is like a digital escape room where the prize is a NetSupport RAT infection. Quick, someone call Sherlock Holmes, we’ve got a mystery to solve!

Key Points:

  • SmartApeSG campaign uses fake CAPTCHA pages to distribute NetSupport RAT malware.
  • Victims are tricked into running a malicious command that initiates the infection.
  • The campaign relies on compromised websites with hidden scripts.
  • SmartApeSG activities are tracked using Monitor SG indicators and URLscan.
  • The malware persists via Start Menu shortcuts, making it hard to eradicate.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?