PULSE NAME
How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme
WHITE AlienVault 2025-06-05 Modified: 2025-07-05
73 IOCs, HIGH VOLUME
A malicious campaign exploits user trust through deceptive websites, including spoofed Gitcodes and fake Docusign verification pages. Victims are tricked into running malicious PowerShell scripts on their Windows machines, leading to the installation of NetSupport RAT. The multi-stage attack uses clipboard poisoning and fake CAPTCHAs to deliver the malware. The campaign involves multiple domains, uses ROT13 encoding, and creates persistent infections. Similar techniques were observed in other spoofed content, including Okta and popular media apps. The attack capitalizes on user familiarity with common online interactions, emphasizing the need for vigilance and skepticism in online activities.
Indicators of Compromise (3 / 73 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 8e7e3bbcf8d51243462dca4d03af1f0ceabb54e6 2025-06-05
FileHash-SHA1 8f0b8261a1eff925a39ca117099bc8b0317c941b 2025-06-05
FileHash-SHA1 94d786cd03f8dff56e4f97f5817894c482d5f6fa 2025-06-05