Fake DocuSign, Gitcode Sites Spread NetSupport RAT

Hackers are leveraging fake Gitcode and DocuSign websites to distribute the NetSupport Remote Access Trojan (RAT), according to a report from The Hacker News. The campaign uses lookalike domains that mimic legitimate platforms to deceive users into downloading the malware. Once installed, NetSupport RAT grants attackers remote control over compromised systems, enabling them to steal sensitive data or deploy additional payloads.

The malicious sites imitate the branding and interface of Gitcode and DocuSign, two widely recognized platforms, to increase the likelihood of user interaction. Victims are typically directed to these spoofed pages through phishing emails or malicious links. The NetSupport RAT, originally designed as a legitimate remote desktop tool, is frequently repurposed by threat actors for unauthorized surveillance and control.

This latest campaign underscores the growing trend of exploiting trusted brands to facilitate malware distribution, posing heightened risks for individuals and organizations relying on familiar digital tools for daily operations.