cybersecurity

5464 readers

15 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

Dissecting CrashFix: KongTuke's New Toy | Huntress (www.huntress.com)

submitted 4 days ago by cm0002@lemmings.world to c/cybersecurity

19 comments fedilink hide all child comments

In January 2026, Huntress Senior Security Operations Analyst Tanner Filip observed threat actors using a malicious browser extension to display a fake security warning, claiming the browser had "stopped abnormally" and prompting users to run a “scan” to remediate the threats. Our analysis revealed this campaign is the work of KongTuke, a threat actor we have been tracking since the beginning of 2025. In this latest operation, we identified several new developments: a malicious browser extension called NexShield that impersonates the legitimate uBlock Origin Lite ad blocker, a new ClickFix variant we have dubbed “CrashFix” that intentionally crashes the browser then baits users into running malicious commands, and ModeloRAT, a previously undocumented Python RAT reserved exclusively for domain-joined hosts.

you are viewing a single comment's thread
view the rest of the comments

[–] AmbiguousProps@lemmy.today 0 points 4 days ago

People should know that you're crossposting from transphobic instances, in my opinion, so I'll continue letting people know, especially for those using screen readers. Also, I use the default Lemmy UI almost daily.