SmartApeSG Hijacks ClickFix Pages to Deploy Remcos RAT

The threat actor known as SmartApeSG has been compromising legitimate ClickFix support pages and inserting malicious JavaScript. The injected script silently fetches and executes the Remcos Remote Access Trojan (RAT) on visiting systems, giving the attackers full remote control of the infected endpoints without user interaction.

This campaign turns a trusted domain into a delivery mechanism for a powerful RAT, enabling data theft, credential harvesting, and lateral movement across networks. Defenders must treat compromised third‑party sites as a supply‑chain risk, monitor outbound connections for unexpected Remcos activity, enforce strict script execution policies, and block or sandbox content from hijacked URLs to stop the infection chain.

Categories: Malware & Ransomware, Threat Intelligence
