isc.sans.edu 6/1/2026, 1:41:09 AM · external

SmartApeSG ClickFix RAT hides in encrypted TCP 443 traffic

This diary, authored by Brad Duncan, discusses an unidentified Remote Access Trojan (RAT) that was detected on May 27, 2026. The RAT is associated with the SmartApeSG ClickFix campaign and has been identified as generating encoded traffic to a command-and-control server over TCP port 443 since April 2026. The diary includes details about specific URLs and traffic generated by the associated ClickFix script, as well as indicators of compromise such as SHA256 file hashes.

Notable files extracted include a malicious NetSupport RAT package. The diary highlights that indicators of this activity change frequently and recommends monitoring relevant feeds for updates.

Article by CyberSIXT