Threat investigators are warning about a fresh campaign that utilizes fraudulent websites to deceive unwary users into running harmful PowerShell scripts on their devices, leading to an infection with the NetSupport RAT malware.
The DomainTools Investigations (DTI) team noted it discovered “harmful multi-stage downloader PowerShell scripts” located on bait websites that imitate Gitcode and DocuSign.