Modelorat

All articles tagged with #modelorat

DNS Channel Used to Deliver PowerShell Payload in ClickFix Attacks
technology, 1 month ago

A new ClickFix variant uses a DNS-based delivery channel: victims are prompted to run nslookup in the Run dialog, querying an attacker-controlled DNS server. The DNS response contains a PowerShell payload that, when executed, downloads a ZIP with a Python runtime and malware scripts, establishes persistence, and installs ModeloRAT. This marks the first known use of DNS for staging and delivering ClickFix payloads, enabling on-the-fly payload updates and blending with normal DNS traffic instead of relying on HTTP.

CrashFix Chrome Campaign Traps Users With DoS Crash to Deliver ModeloRAT
cybersecurity, 2 months ago

Security researchers detail KongTuke's CrashFix campaign, where a counterfeit Chrome extension named NexShield clones uBlock Origin Lite, issues a fake security warning, and triggers a DoS-style crash to coerce users into running a command. The attack uses a 60-minute delayed, multi-stage payload that reports a unique ID to nexsnield[.]com, fetches subsequent stages via PowerShell, and loads the ModeloRAT payload on domain-joined machines via RC4-encrypted C2 and Registry persistence; standalone hosts see a testing payload first. The operation leverages a traffic distribution system and underscores evolving social engineering and self-sustaining infection loops.