• 'What started as someone potentially trying to remove the backgro

    From TechnologyDaily@1337:1/100 to All on Thursday, May 07, 2026 17:45:28
    'What started as someone potentially trying to remove the background from a selfie ended with a custom .NET stealer rifling through their browser passwords': Experts warn that free image editor tool could actually be dangerous malware

    Date:
    Thu, 07 May 2026 16:35:00 +0000

    Description:
    Background removal services are being used in ClickFix attacks, delivering dangerous infostealer malware.

    FULL STORY
    ======================================================================

    - A fake photo tool ranked high in search results tricks users into running malware via ClickFix tactics
    - Victims first get infected with CastleLoader, which then deploys NetSupport RAT and a custom CastleStealer
    - The campaign highlights how SEO poisoning and social engineering can turn simple tasks into credential theft and remote compromise

    A website promising to remove backgrounds from selfie photos is actually just dropping infostealing malware on people's computers, security researchers are saying.

    Cybersecurity experts at Huntress outlined how they discovered a website which, through SEO poisoning, managed to work its way to the top of search engine results pages. Therefore, when people search for background removal tools, there is a good chance they'll land on this particular, malicious site. When they upload their photos to this service, the photos don't really get processed. Nothing gets uploaded or shared in any way. However, the site then asks the user to verify they're human by opening up the Windows Run program and pasting a command that was copied onto their clipboard.

    CastleLoader, CastleStealer, and NetSupport RAT

    In typical ClickFix fashion, the attackers actually get the victims to run the malware themselves, first infecting their devices with CastleLoader. This is the main loader that is used to deliver additional payloads.

    Through CastleLoader, the miscreants can then deploy stage-two malware, including NetSupport RAT and CastleStealer.

    The former is a remote access trojan (RAT) which grants the attackers remote access to infected systems, while the latter is a custom .NET stealer that targets browser credentials, crypto wallet data, Discord tokens, and Telegram session files.

    "What started as someone potentially trying to remove the background from a selfie ended with a custom .NET stealer rifling through their browser passwords, crypto wallet vaults, and Telegram session, plus a NetSupport RAT dropped on disk for follow-up access," Huntress explained.

    ClickFix attacks can be mitigated through education - users should know that no legitimate service will ask them to verify they're not a bot with on-device activity (such as running a program locally). Alternatively, admins can disable the Win + R shortcut for Run, making it less likely for the victims to actually run the malicious code.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/what-started-as-someone-potentially-trying-to-remove-the-background-from-a-selfie-ended-with-a-custom-net-stealer-rifling-through-their-browser-passwords-experts-warn-that-free-image-editor-tool-could-actually-be-dangerous-malware


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)