SmartApeSG Uses ClickFix to Deploy Remcos RAT
The SmartApeSG threat actor hosted a malicious payload on a free‑hosting page provided by ClickFix. When a victim opened the link, the page silently delivered the Remcos Remote Access Trojan, which installed without user interaction and established a back‑door channel for the attacker to control the system and exfiltrate data.
Remcos provides full remote desktop, command execution, credential dumping, and file theft capabilities, enabling attackers to move laterally and maintain persistence. Because ClickFix is a legitimate service, the malicious files can blend in with benign traffic, evading traditional URL filtering. Defenders should add ClickFix domains to threat‑intel feeds, monitor for unexpected outbound connections to the service, and enforce strict application control and behavior‑based detection to block unauthorized RAT installations.
Categories: Malware & Ransomware, Threat Intelligence