SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge

Nov 14, 2025
A nefarious SmartApeSG campaign has emerged, using ClickFix to deliver the NetSupport RAT through clever redirection. Meanwhile, Formbook showcases its crafty obfuscation techniques by utilizing multiple scripts to evade detection. The discussion also highlights newly patched vulnerabilities in sudo-rs, revealing risks beyond memory safety. Lastly, the SANS Holiday Hack Challenge is back, featuring engaging micro challenges ideal for novices, along with themes and prizes that promise to excite participants!
INSIGHT

ClickFix Redirects Drive New Social Engineering

  • SmartApeSG now leverages ClickFix-like fake captchas to redirect victims into running malicious PowerShell commands.
  • This shift shows attackers prefer interactive web-based social engineering over traditional fake browser update lures.
ANECDOTE

Formbook Arrived Via Zipped VBScript

  • Xavier analyzed a Formbook sample delivered as a ZIP containing a Visual Basic script that executed PowerShell payloads.
  • The sample used sleep-loop tricks and layered PowerShell obfuscation to evade signature detection.
INSIGHT

Rust Lowers Memory Risk But Not Logic Flaws

  • Rewriting system tools in Rust reduces memory bugs but does not eliminate logic and permission vulnerabilities.
  • sudo-rs demonstrated that complex authorization logic can introduce flaws unrelated to memory safety, such as timestamp and password-reveal issues.