• 2368 Maritime Dr Unit 250, Elk Grove, CA 95758, United States
  • Mon – Fri: 7:00AM – 7:00PM
  • contactus@bpsemail.com
Follow Us On:
Facebook-f Instagram Linkedin-in Pinterest
Remote Access Trojan

Fake DocuSign and GitCode Websites Spreading Remote Access Trojan

22 Views

Cybercriminals are launching a new attack campaign that targets users through fake DocuSign and GitCode websites. This deceptive strategy installs the NetSupport Remote Access Trojan (RAT) on unsuspecting devices, posing a serious threat to business security.

What Is NetSupport RAT?

The NetSupport RAT started as a legitimate remote administration tool. However, cybercriminals have repurposed it to gain unauthorized access using a remote access trojan exploit on business systems. Once installed, this tool allows attackers to spy on users, steal confidential data, and even control the entire system.

How the Attack Works

Understanding the method behind the attack helps prevent it. Here’s how it unfolds:

  1. Cloned Websites Trick Users
    Attackers create fake websites that closely resemble DocuSign and GitCode. These clones appear trustworthy but serve a malicious purpose.
  2. Phishing Tactics Drive Traffic
    Victims often land on these pages through phishing emails or misleading online ads luring them into the remote access trojan trap. These messages prompt users to visit the fake site and follow dangerous instructions.
  3. PowerShell Scripts Activate the Threat
    The sites instruct users to paste a PowerShell command into their Windows Run dialog. Once executed, this script installs the NetSupport RAT in the background.
  4. CAPTCHA Tricks Enable Clipboard Hijacking
    In some cases, fake CAPTCHAs copy a script to the user’s clipboard. When users paste the content, they unknowingly trigger the installation process.

Why Businesses Should Take This Seriously

This remote access trojan threat can disrupt your operations in multiple ways:

  • Hackers can monitor employee activity, exploiting remote access trojan vulnerabilities.
  • Sensitive business data can be stolen or sold.
  • Attackers might install ransomware afterward.
  • Customer trust can be permanently damaged.

How to Stay Safe

Businesses don’t have to be easy targets to remote access trojans. Here’s what you can do:

  • Check URLs carefully before entering credentials or downloading files.
  • Avoid running unknown scripts, especially if prompted by random websites.
  • Train employees regularly on phishing and cybersecurity best practices.
  • Install endpoint protection tools that block remote access threats.
  • Report suspicious emails or websites related to DocuSign to spam@docusign.com.

Secure Your Network with Business PC Support

You don’t have to face modern cyber threats alone. Business PC Support offers proactive security solutions that detect and block attacks like the NetSupport remote access trojan. If your business needs stronger defenses, faster threat response, or employee security training, contact us today or visit businesspcsupport.com.

Leave A Comment

Your email address will not be published. Required fields are marked *