2025-08-20 (WEDNESDAY): SMARTAPESG CAPTCHA PAGE --> CLICKFIX SCRIPT --> NETSUPPORT RAT --> STEALC V2

NOTES:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

ASSOCIATED FILES:

• 2025-08-20-IOCs-for-SmartApeSG-ClickFix-NetSupport-RAT-with-StealCv2.txt.zip   1.7 kB   (1,737 bytes)
• 2025-08-20-SmartAgeSG-Netsupport-RAT-with-StealCv2.pcap.zip   63.1 MB   (63,129,119 bytes)
• 2025-08-20-files-from-the-infection.zip   57.8 MB   (57,817,477 bytes)

 

IMAGES

Shown above:  Fake CAPTHA page generated by SmartApeSG script injected into compromised website.

 

Shown above:  ClickFix instructions from the fake CAPTCHA page.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Click here to return to the main page.