The article discusses the SmartApeSG campaign, which spreads the Remcos RAT (Remote Access Trojan) via a ClickFix-style fake CAPTCHA page. It details how the infection was replicated in a lab setting, highlighting the use of indicators from the Monitor SG account on Mastodon to identify compromised websites. The article provides insights into the injected SmartApeSG script, showing how it tricks users into executing malware on their systems through fake CAPTCHA challenges.
It outlines the infection process that includes DLL side-loading and modifications to the Windows Registry to maintain persistence. Furthermore, it lists various indicators of compromise (IoCs) such as malicious URLs and the specifics of the ZIP archive containing the Remcos RAT. The patterns of SmartApeSG activity are noted to remain consistent despite frequent changes in the URLs and domains.