Automatically translated.View original post

A group of GrayCharlie hackers shot JavaScript. Put it...

A group of GrayCharlie hackers fired JavaScript into the Wordpress website to release NetSupport RAT malware.

Website building platforms like Wordpress, while popular, are always targeted by hackers for hacking or embedding malware, and this time websites built on Wordpress are targeted again.

According to a report by the website, Cyber Security News mentioned the detection of a GrayCharlie hacker campaign, which launched an attack on a Wordpress-based website in 2023 with the implantation of an embeded JavaScript script on the site with the aim of releasing a malware type that remotely controls the victim's machine, or a RAT (Remote Access Trojan) called NetSupport RAT, and a malware type that steals data from the victim's machine, or an Infostealer named Stealc, as well as in the latter, another RAT type of malware was introduced into the campaign.

The technique used by the hacker group is to write a script to "tag" to the Document Object Model (DOM) on the target website. This tag points to JavaScript outside the web hosted on the hacker's server. If the victim opens a website that has been attacked by the hacker, the script checks which web browser and operating system the victim is using. If the script matches the script, it sends the victim to the next step, it attacks the victim by using a fake error alert to trick the victim into running a malware installation command or ClickFix with a fake CaptCha, and another way. One is to trick the victim into installing a fake web browser update, both of which lead to the installation of both malware.

A review by a research team from Recorded Future, an expert company developing cyber detectors, found that the backyard infrastructure, or Backend Infrastructure of the campaign, is using MivoCloud's cloud services and HZ Hosting Ltd's hosting services as part of the infrastructure system, and that the cluster (Cluster), the control server (C2 or Command and Control) of NetSupport RAT malware has been used to release deware (Deploy) since 2025. 2568) By examining the naming method of the TLC Certificate, License Key, and Serial Number associated with this infrastructure. In the area of communication of the C2 server, it is contacted through TCP port 443 with the SSH protocol. It allows data traffic to be camouflaged. It is not noticeable.

In the field of work of this campaign, the details are different in how to deceive the victims:

Fake Web Browser Update Scam: After the victim has logged into the website and installed a fake web browser update in JavaScript format, the WScript script will run PowerShell to download and unload the malware (Payload) files of the NetSupport RAT malware to the AppData folder.

ClickFix: After the victim places the command on Run and presses Enter, it downloads the Batch script file (.Bat) and then writes the Key Run in the Registry to guarantee that the malware will continue to work on the system (Persistence) every time it is rebooted, then contacts the C2 server, runs the System Reconnaissance tool, and ultimately releases the SectopRAT malware payload.

# Trending # Lemon 8 Howtoo # lemon 8 diary # freedomhack # Drug sign with lemon8

3/21 Edited to

... Read moreจากประสบการณ์ส่วนตัวในการดูแลเว็บไซต์ Wordpress ผมพบว่าแม้ Wordpress จะเป็นเครื่องมือยอดนิยมในการสร้างเว็บ แต่ก็มีจุดอ่อนสำคัญคือการตกเป็นเป้าของแฮกเกอร์ที่ใช้ช่องโหว่ต่างๆ ฝังมัลแวร์ เช่นกรณีแคมเปญของกลุ่ม GrayCharlie ที่โจมตีผู้ใช้ Wordpress ด้วยการฝัง JavaScript แอบแฝงบนหน้าเว็บ ซึ่งเมื่อผู้ใช้งานเปิดเว็บไซต์ที่ติดสคริปต์ดังกล่าว ระบบจะตรวจสอบเว็บเบราว์เซอร์และระบบปฏิบัติการของเหยื่อ ก่อนหลอกให้ติดตั้งมัลแวร์ผ่านการอัปเดตเบราว์เซอร์ปลอม หรือ CaptCha ปลอม เทคนิคนี้ทำให้ผู้ใช้งานหลงเชื่อและยอมลงมือทำตามขั้นตอนติดตั้งมัลแวร์อย่างไม่รู้ตัว การโจมตีแบบนี้จึงเรียกได้ว่าแฝงตัวอย่างแนบเนียนและมีความซับซ้อนสูง รวมถึงยังมีการใช้เซิร์ฟเวอร์ควบคุมของแฮกเกอร์ที่ตั้งอยู่บนคลาวด์ MivoCloud และ HZ Hosting Ltd เพื่อบริหารจัดการมัลแวร์ NetSupport RAT อีกด้วย สำหรับผู้ดูแลเว็บ Wordpress ผมขอแนะนำให้ตรวจสอบปลั๊กอิน และธีมอย่างสม่ำเสมอ รวมถึงอัปเดต Wordpress และส่วนเสริมต่างๆ ให้เป็นเวอร์ชันล่าสุดเสมอ เพื่อป้องกันช่องโหว่ที่จะถูกใช้โจมตี นอกจากนี้ควรใช้เครื่องมือสแกนมัลแวร์และเสริมความปลอดภัย เช่น การตั้งค่าไฟร์วอลล์เว็บแอปพลิเคชัน (WAF) และควบคุมการเข้าถึงไฟล์ที่สำคัญ ในฝั่งผู้ใช้งานทั่วไป หากพบข้อความแจ้งเตือนอัปเดตเว็บเบราว์เซอร์แบบผิดปกติ หรือแบบ CaptCha ที่ไม่น่าเชื่อถือ ควรหลีกเลี่ยงการติดตั้งและตรวจสอบแหล่งที่มาของการแจ้งเตือนเหล่านั้นก่อนทุกครั้ง เพราะมัลแวร์ NetSupport RAT มีความสามารถควบคุมเครื่องจากระยะไกลและขโมยข้อมูลที่สำคัญได้ หากเกิดการติดเชื้ออาจส่งผลเสียต่อตัวเครื่องและข้อมูลส่วนตัวอย่างรุนแรง ท้ายที่สุดแล้ว ความระมัดระวังและการอัปเดตความรู้ด้านความปลอดภัยไซเบอร์อย่างสม่ำเสมอ จะช่วยให้เราป้องกันและลดความเสี่ยงจากแคมเปญมัลแวร์เหล่านี้ได้อย่างมีประสิทธิภาพ

Related posts

A young woman with long dark hair, wearing a pink satin shirt, smiles at the camera while sitting at a table. Overlay text reads: 'Tools and sites I use as a cybersecurity student to progress my skills and keep me interested in studying'.
A screenshot of 'The Hacker News' website, displaying various cybersecurity news articles from January 2025, including topics like vulnerabilities, malware, cyber espionage, and AI jailbreak methods. An ad for Zscaler and a banner for CIS Hardened Images are also visible.
A screenshot of the O'Reilly learning platform, showing various books and expert playlists related to AI, engineering, and data. Overlay text highlights the subscription cost ($50/month or $499/year) and its value for accessing books and live events.
Tools and sites I use as a cybersecurity student 🌸
#cybersecuritystudent #cybersecurity #techgirlie
LexiStudies

LexiStudies

110 likes

4 In demand Certificates You Need in 2025
Hey Career Girl, I know you want to start off the New Year on the right foot and a certificate is just the thing. Certificates can open the doors to new pathways in the career world that wouldn't have been opened before! Love this type of content? Follow and share! Need Interview P
Lauren|Career Girl

Lauren|Career Girl

164 likes

SIEGEX is all CHEATERS & HACKERS😭
Why is this game full of cheaters and hackers and bugs🤷‍♀️ #siege #rainbowsixsiege #gaming #streamer #foryou
Phasma

Phasma

40 likes

The image shows a keyboard with a fingerprint icon, overlaid with "OUTSMART HACKERS" and "Secrets they don't want you to know," serving as the title for a guide on cybersecurity.
This image explains hackers use software to guess passwords and advises creating long passwords with a random mix of letters, numbers, and symbols to defend against such attacks.
The image warns that hackers try common passwords and advises users to defend themselves by avoiding easy words/phrases and not reusing passwords across different sites.
SECRETS Hackers DON’T Want You to Know!
After hackers got into my Facebook account and completely erased it, I dusted myself off and started a deep dive to understand why and how hackers work. The best way to protect yourself is to outsmart them. Here are 5 secrets Hackers DON'T want you to know! Share this with everyone! #lemon8pa
techgirljen

techgirljen

425 likes

A laptop with a cloudy sky wallpaper and a white cup with a red logo. Text overlay reads: 'Free Websites That Saved My GPA AND MY SANITY Sharing So You Don't Struggle Too'.
A laptop screen displays Yahoo search results for 'Quizlet'. An overlay describes Quizlet as a free flashcard tool for memorizing terms, definitions, and formulas, making studying feel like a game.
A laptop screen displays Yahoo search results for 'Unriddle.ai'. An overlay describes Unriddle.ai as a free tool that breaks down notes, articles, or assignments to aid understanding of long readings.
Websites You NEED to Pass Your College Courses
Y’all college is hard enough without trying to figure everything out on your own 😩 So here’s my list of websites that actually helped me pass my classes like, these were in my survival kit. I’m not gatekeeping 🫶🏽 Quizlet When I needed to memorize terms FAST. I used it for flashcards, and the matc
Beauty

Beauty

288 likes

A monitor displays the Martin AI assistant dashboard with sections for to-dos, reminders, calendar, and chat, set on a desk with a keyboard and plant, illustrating the phrase "Say what you need, it gets it done."
The Martin AI assistant dashboard is shown, featuring to-dos, reminders, calendar, inbox, and a chat interface for sending schedules, emphasizing its ability to use voice commands for tasks like texting and setting reminders.
The Martin AI assistant dashboard displays to-dos, reminders, calendar, and an inbox with emails, highlighting its function to remember and track information across various platforms without repetition.
Your to-do list just got a personal manager
You know when you have too many tabs open in your brain? This app is like closing all of them... at once. Martin is your Al assistant that actually works like a real one. Need to text someone, forward notes, set reminders, or manage your day? Just tell Martin. It connects with your inbox,
Reverelia

Reverelia

366 likes

A white book titled 'The Surprising Power of Ordinary Things to Create Extraordinary Happiness' by Ingrid Fetell Lee, with colorful confetti designs, rests on a patterned bed. Overlaid text reads 'nonfiction that melt my brain'.
The cover of 'Hidden Valley Road' by Robert Kolker, featuring a family photo, is displayed with text highlighting it as a chilling family saga, psychological mystery, and deep dive into schizophrenia.
The cover of 'To Be a Machine' by Mark O'Connell, showing a robot figure, is presented with text describing it as a wild mix of philosophy, science, and questions about humanity's future with AI.
Non-fiction that’s stranger than most fiction
There is nothing better than a non fiction title that reads like a thriller and is completely immersive. These are a few that I will never stop recommending and why… These books?? Wild. Disturbing. Unbelievable. And the best part? Every single one of them is 100% real. ### Hidden Valley Road
Meredith Jao

Meredith Jao

129 likes

Hackers
How call of duty has me #call of duty #hacker #warzone
Stevie_Wonders

Stevie_Wonders

1 like

I wanted a real project I could actually show, not just talk about. So I used Atoms ⚛️ Check it out here: https://tinyurl.com/3xzc8xbe It feels like having a whole AI team helping me: 🔍 they do the deep research first 🏁 then Race Mode builds different versions so I can compare 👥 I just pick
emilie.studygram

emilie.studygram

20 likes

when ur attorney is on a roll
darkangel1984666

darkangel1984666

1 like

A message to Minecraft hackers…
You should join the server #minecraft #gaming #fyp
BendersMC

BendersMC

13 likes

Hackers are using tricks & steal financial info.🌸🍋
SECURITY TIPS: Be careful from hackers they use multiple different types of software and tricks to steal data from computers, cell phones or other devices to steal your data, financial information and personal details. When they hack via computer systems Showing they are from Microsoft Security Ale
Mujahid Bakht

Mujahid Bakht

6 likes

⚠️ The Hidden Dangers of Public Wi-Fi Free Wi-Fi feels convenient, but it can be a trap. Hackers can create what’s called an “evil twin” network—a fake hotspot that looks legitimate. The moment you connect, they can access your data, passwords, banking info, and private messages. Listen
Dannah Eve

Dannah Eve

82 likes

SEPT WRAP UP PT 1.
september had me in a CHOKEHOLD y'all 😮‍💨 i read so much i have to break this into TWO PARTS 😂😂 • 47 books read (don't play with me •) • 19 new authors • multiple favorites that little binge had me blowing right past my 200 book goal, so you know i had to bump it up to 250 from messy d
LEXI 💓

LEXI 💓

33 likes

PSA PSA PSA ‼️ #fyp #hackers #facebook #scammers #viral
Kay’s House ✨

Kay’s House ✨

2 likes

A Fortnite character in a victory pose with a "Victory Royale" banner, overlaid with text "How I Improved My Fortnite Skills" and a "SWIPEZ" arrow, indicating the start of a guide.
Two Fortnite gameplay screenshots comparing graphics settings. The top shows high settings (Shadows ON, View Distance FAR), while the bottom shows low settings (Shadows OFF, View Distance NEAR) for improved visibility.
A Fortnite UI displaying accolades like "TWO TO ONE ODDS" for winning a Duos match solo, and "ONE MAN'S TREASURE" for using legendary weapons, alongside a first-person view of gameplay.
How I Improved My Fortnite Skills In 1 Season
Adjust Your Settings This is optional, your settings may already be perfect for your devices and your gameplay style. However, certain things in the game or your system can sometimes impact your gameplay. Fortnite takes a lot of processing power, so if you can relieve some of the load by adjusting
🌻ChromaGlitch

🌻ChromaGlitch

318 likes

Just An FYI This Is How So Many People are Getting Hacked!!! Plz Don’t Fall For Message Like These!!! it’s A Fake Account!!! #fakeaccount #hackers
MaryBell

MaryBell

2 likes

If you have the Samsung, you need to watch this and update your phone immediately 
Cybersecurity Girl

Cybersecurity Girl

49 likes

BIG Holiday Costco Shop & Haul | Anchorage, Alaska
vanditsv

vanditsv

2 likes

Chinese Hackers Breach U.S. Treasury
#cybersecurity #cyberattack #ustreasury #janetyellen
Her Tidings

Her Tidings

0 likes

These Hackers on Marvel Rivals getting crazy!
#marvelrivals #twitchtv #followme #Hackers #marvelfunny
MisFit Miracles

MisFit Miracles

2 likes

Bigfoot Super Hackers.
#manthoughts #hackers #laughoutloud #bigfootvlog #lifetips
Alien Hayes

Alien Hayes

13 likes

A smartphone displays a message asking God to unblock it due to hackers. A patterned pad and colorful items are in the hazy background. The image includes Lemon8 branding and a username.
God, please unblock this android, hackers have in
Olga Ledbetter

Olga Ledbetter

37 likes

WARZONE HACKERS
Warzone is full hackers and call of duty does not care #warzone #hacker #memesdaily #memes🤣 #gaming
DUSTINMYRQ ™

DUSTINMYRQ ™

5 likes

Ban Hackers
Vinicius Jr 🇧🇷 #fcmobile #eafcmobile #fifamobile #fcmobile25 #eafc
manuelofficial_13

manuelofficial_13

1 like

Kalebdavis19

Kalebdavis19

1 like

#yungblud
watch4hackers

watch4hackers

8 likes

King Trump
GrouchyGrandpaChannel

GrouchyGrandpaChannel

3 likes

HACKERS IN THE BETA
Blackops 7 has hackers already…. #hacker #blackops7 #bo7
Goofstha

Goofstha

1 like

Hackers Be Like:
#fypage
AidenIsMyself

AidenIsMyself

0 likes

🛡️ The GIS-R10 Controller — Enterprise-Level Power
🚀 The perfect hotspot solution for internet speeds of 400 Mbps! Designed for medium to large hospitality businesses like hotels, resorts, campgrounds, RV parks, marinas, and more, the GIS-R10 makes it easy to provide WiFi access as a complimentary service or a paid option. 🏨🌴🚐⚓ ✨ Why business
Guest Internet

Guest Internet

0 likes

This table makes my space feel bigger than it is—because it works harder than any piece of furniture I own 🛋️🪄 #AnywaysWood #spacehackers #tinyhomeideas #cleverfurniture #hometricks
Amy

Amy

0 likes

Prayers for Jamaica 🇯🇲 — opening Hacker’s Slumber,
Cousin B

Cousin B

0 likes

Chinese Hackers Target Senior US Officials
China’s Salt Typhoon continues to target very senior US government official by intercepting phone calls and meta data in a continued cyber espionage campaign. #china #hackers #cybersecurity #salttyphoon
Lemon8er

Lemon8er

0 likes

Replying to @Red what parts or the dark web live in your brain rent free? #scarystories #horror #eductional #darkweb
Liz Cooper🦋

Liz Cooper🦋

43 likes

warzone hackers be mad little babies
#cod #ps5 #gamergirl #warzone #fuckhackers
Twilightvile

Twilightvile

2 likes

A woman wearing a black outfit and a large pearl necklace smiles while sitting in a room with rows of green chairs. Other individuals are visible in the background. The image features Lemon8 branding with the username @angelawrivers.
Hackers hijacked antivirus features to install mal
Hackers hijacked antivirus features to install malware - here's what we know https://www.yahoo.com/tech/cybersecurity/articles/hackers-hijacked-antivirus-features-install-140500891.html #hackers #malware #cybersecurity #antivirus
angela1957

angela1957

1 like

scammers and hackers beware
Hudson
cercofhell

cercofhell

27 likes

me rocking the shades yesterday at my day group ☺️
Øg Hackers Dèmøn

Øg Hackers Dèmøn

1 like

Tcg
#TCG available at @brooklynvideogames . #Pokemon #OnePiece #MTG #Yugioh and more…
ArcadeBrooklyn

ArcadeBrooklyn

3 likes

Nice one boys
#cod #callofdutyp #codapartments #pvp #ashika #finalexfil #ashikapowerplant #almazrah #talkingshit #squad #dmz #gamer #sniper #headshot #longrange #headbussa #letthebodieshitthefloor #proxie #closecombat #closecombatfight #talkingshit #kamikazi #nomercy #nolovelost #groundhack #rocke
TheAuditor

TheAuditor

1 like

Amen thanks Father God Jesus Christ God evening word and prayer devil's I rebuke you your childrens Morehouse parish sheriff department officers and Mike Stone Tubbs and hackers and Elon Musk and Donald Trump and Mark Zuckerberg and Randy Tappin and Christopher Thirdkill and IT and their countr
glentrump359

glentrump359

0 likes

Hackers Bypass Microsoft Security Controls
Hackers have advertised a claim that they successfully bypassed Microsoft’s product activation process and can activate any Microsoft product without the activation process. #cyber #hacker #microsoft #cybersecurity
Lemon8er

Lemon8er

2 likes

Taco Tuesday 🤯 Admin Abuse ⁉️ #stealabrainrot #robloxstealabrainrot #roblox #neoskittles
NeoSkittles

NeoSkittles

6 likes

Ai in Cybersecurity
Artificial Intelligence isn’t replacing cybersecurity professionals, it’s amplifying them. AI doesn’t sleep. It learns, detects, and defends faster than ever before. This is what modern cybersecurity looks like “intelligence with intuition.” #Cybersecurity #AIinCybersecurity #dataprivacy
Abby❤️💎

Abby❤️💎

0 likes

See more