Threat Research

    Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites

    Security researchers uncovered ongoing attacks linked to the KongTuke threat group using compromised WordPress sites and fake CAPTCHA lures to spread the Python-based modeloRAT. Attackers inject malicious JavaScript that prompts users to run a PowerShell command, triggering a multistage infection process....
    3/11/2026  0
    Read More »

    Deploying NetSupport RAT via WordPress & ClickFix

    In May 2025, threat actors were found hosting malicious WordPress sites to distribute tampered versions of the legitimate NetSupport Manager Remote Access Tool (RAT). This report examines the techniques and tools used to deploy the NetSupport RAT, with a focus on malicious JavaScript....
    7/10/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.