this post was submitted on 20 Jan 2026
4 points (83.3% liked)

cybersecurity

5465 readers
4 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 2 years ago
MODERATORS
shellsharks
tweedge
4
Dissecting CrashFix: KongTuke's New Toy | Huntress (www.huntress.com)
submitted 4 days ago by cm0002@lemmings.world to c/cybersecurity
19 comments fedilink hide all child comments
 

In January 2026, Huntress Senior Security Operations Analyst Tanner Filip observed threat actors using a malicious browser extension to display a fake security warning, claiming the browser had "stopped abnormally" and prompting users to run a “scan” to remediate the threats. Our analysis revealed this campaign is the work of KongTuke, a threat actor we have been tracking since the beginning of 2025. In this latest operation, we identified several new developments: a malicious browser extension called NexShield that impersonates the legitimate uBlock Origin Lite ad blocker, a new ClickFix variant we have dubbed “CrashFix” that intentionally crashes the browser then baits users into running malicious commands, and ModeloRAT, a previously undocumented Python RAT reserved exclusively for domain-joined hosts.

you are viewing a single comment's thread
view the rest of the comments
[–] AmbiguousProps@lemmy.today 0 points 4 days ago (1 children)

That's not really friction, and in fact, on the standard Lemmy UI, it's not in a submenu at all..it's just straight up linked under the post title. No extra click required. So what's the difference?

[–] cm0002@lemmings.world 0 points 4 days ago (1 children)

Well sure, it's not foolproof, but the vast majority of users are probably not using the default Lemmy UI (because it kinda sucks lol) and instead are using an app or other front end.

[–] AmbiguousProps@lemmy.today 0 points 4 days ago

People should know that you're crossposting from transphobic instances, in my opinion, so I'll continue letting people know, especially for those using screen readers. Also, I use the default Lemmy UI almost daily.