{"id":16306,"date":"2025-06-03T15:00:00","date_gmt":"2025-06-03T15:00:00","guid":{"rendered":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/"},"modified":"2025-06-03T15:00:00","modified_gmt":"2025-06-03T15:00:00","slug":"fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/","title":{"rendered":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)"},"content":{"rendered":"<p>Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.<br \/>\nThe DomainTools Investigations (DTI) team said it identified &#8220;malicious multi-stage downloader Powershell scripts&#8221; hosted on lure websites that masquerade as Gitcode and DocuSign.<br \/>\n&#8220;<a href=\"https:\/\/thehackernews.com\/2025\/06\/fake-docusign-gitcode-sites-spread.html\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified &#8220;malicious multi-stage downloader Powershell scripts&#8221; hosted on lure websites that masquerade as Gitcode and DocuSign. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16307,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified &quot;malicious multi-stage downloader Powershell scripts&quot; hosted on lure websites that masquerade as Gitcode and DocuSign.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"admin\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified &quot;malicious multi-stage downloader Powershell scripts&quot; hosted on lure websites that masquerade as Gitcode and DocuSign.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2025-06-03T15:00:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-06-03T15:00:00+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified &quot;malicious multi-stage downloader Powershell scripts&quot; hosted on lure websites that masquerade as Gitcode and DocuSign.\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#blogposting\",\"name\":\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \\u203a Sekuritas IT\",\"headline\":\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/power-Fi5ba6.jpg\",\"width\":728,\"height\":380},\"datePublished\":\"2025-06-03T15:00:00+00:00\",\"dateModified\":\"2025-06-03T15:00:00+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#listItem\",\"name\":\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#listItem\",\"position\":3,\"name\":\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d7e1b280a86a35aded993a38df224bb7b360b70bfbabceccbea7c0ef0ab5e175?s=96&d=retro&r=g\",\"width\":96,\"height\":96,\"caption\":\"admin\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/\",\"name\":\"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \\u203a Sekuritas IT\",\"description\":\"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified \\\"malicious multi-stage downloader Powershell scripts\\\" hosted on lure websites that masquerade as Gitcode and DocuSign.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/power-Fi5ba6.jpg\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#mainImage\",\"width\":728,\"height\":380},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/06\\\/03\\\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\\\/#mainImage\"},\"datePublished\":\"2025-06-03T15:00:00+00:00\",\"dateModified\":\"2025-06-03T15:00:00+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","description":"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified \"malicious multi-stage downloader Powershell scripts\" hosted on lure websites that masquerade as Gitcode and DocuSign.","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#blogposting","name":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","headline":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/sekuritasit.com\/wp-content\/uploads\/2025\/06\/power-Fi5ba6.jpg","width":728,"height":380},"datePublished":"2025-06-03T15:00:00+00:00","dateModified":"2025-06-03T15:00:00+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#listItem","name":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#listItem","position":3,"name":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"Person","@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author","url":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/","name":"admin","image":{"@type":"ImageObject","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/d7e1b280a86a35aded993a38df224bb7b360b70bfbabceccbea7c0ef0ab5e175?s=96&d=retro&r=g","width":96,"height":96,"caption":"admin"}},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/","name":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","description":"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified \"malicious multi-stage downloader Powershell scripts\" hosted on lure websites that masquerade as Gitcode and DocuSign.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/sekuritasit.com\/wp-content\/uploads\/2025\/06\/power-Fi5ba6.jpg","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#mainImage","width":728,"height":380},"primaryImageOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/#mainImage"},"datePublished":"2025-06-03T15:00:00+00:00","dateModified":"2025-06-03T15:00:00+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","og:description":"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified &quot;malicious multi-stage downloader Powershell scripts&quot; hosted on lure websites that masquerade as Gitcode and DocuSign.","og:url":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/","article:published_time":"2025-06-03T15:00:00+00:00","article:modified_time":"2025-06-03T15:00:00+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","twitter:description":"Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified &quot;malicious multi-stage downloader Powershell scripts&quot; hosted on lure websites that masquerade as Gitcode and DocuSign."},"aioseo_meta_data":{"post_id":"16306","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2025-06-03 15:55:13","updated":"2025-10-15 15:14:24","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tFake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack info@thehackernews.com (The Hacker News)","link":"https:\/\/sekuritasit.com\/index.php\/2025\/06\/03\/fake-docusign-gitcode-sites-spread-netsupport-rat-via-multi-stage-powershell-attack-infothehackernews-com-the-hacker-news\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/16306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=16306"}],"version-history":[{"count":0,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/16306\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media\/16307"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=16306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=16306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=16306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}