
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGuard Vuln
Mar 16, 2026

A campaign used a ClickFix page to trick users into running commands that deliver Remcos RAT. A React-based phishing site exfiltrated credentials via EmailJS, creating unusual investigative leads. Google released and then revised Chrome zero-day fixes, leaving one patch outstanding. A signed malware distribution targeted VPN clients via fake vendor sites, and AdGuard Home received an authentication fix.
SmartApeSG Uses ClickFix Trick To Deliver Remcos RAT
- SmartApeSG used a ClickFix-style fake captcha to trick victims into pasting a command that downloaded Remcos RAT.
- Johannes Ullrich referenced Brad's diary, which includes packet captures and evidence, so listeners can follow the analysis step by step.
React Phishing Pages Exfiltrate Credentials With EmailJS
- Attackers hosted a React-based phishing page via a Cloudflare Worker and used EmailJS to exfiltrate captured credentials by sending them as email.
- Johannes Ullrich noted EmailJS makes attacker attribution easier because the account used can be inspected.
Restart Chrome Daily And Check For Patch Updates
- Keep Google Chrome updated and restart it regularly, because one publicly disclosed, exploited zero-day remained unpatched after Google revised its initial update.
- Johannes Ullrich recommends restarting Chrome at least once a day and checking versions weekly.
