Hackers Use ClickFix Technique to Deploy NetSupport RAT Loaders
Category:Malware / Remote Access Tools
Security researchers identified a new campaign leveraging the 'ClickFix' technique to deliver NetSupport RAT loaders. The attack uses malicious pop-ups and fake browser updates to trick users into executing payloads, granting attackers remote access and data exfiltration capabilities.
CORTEX Protocol Intelligence Assessment
Business Impact: NetSupport RAT is a modular tool used for persistence and lateral movement in corporate networks. Technical Context: ClickFix exploits social engineering vectors and weak browser controls to distribute loaders via compromised sites or malvertising campaigns.
Strategic Intelligence Guidance
- Block domains associated with NetSupport RAT activity.
- Deploy endpoint detection rules for loader persistence behaviors.
- Educate users to avoid browser update pop-ups outside official sources.
- Use EDR telemetry to trace lateral movement from infected endpoints.
Vendors
Threats
Targets
Intelligence Source: Hackers Use ClickFix Technique to Deploy NetSupport RAT Loaders | Oct 26, 2025