In January 2026, Huntress Senior Security Operations Analyst Tanner Filip observed threat actors using a malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Our analysis revealed this campaign is the work of KongTuke, a threat actor we have been tracking since the beginning of 2025. In this latest operation, we identified several new developments: a malicious browser extension called NexShield that impersonates the legitimate uBlock Origin Lite ad blocker, a new ClickFix variant we have dubbed “CrashFix” that intentionally crashes the browser then baits users into running malicious commands, and ModeloRAT, a previously undocumented Python RAT reserved exclusively for domain-joined hosts.
This post has been seen at least three times on Lemmy so far (including this post):
Just connecting the fediverse as you claimed to be doing with your mass reposting!
Already handled by the internal crosspost system
Not for all frontends, as multiple people have told you in the past. I’m not going down that route again, but I sure will continue to help those that can’t see that you’re just crossposting from elsewhere.
There’s no such app or frontend, they all have the crosspost menu afaik, if you know of one, lmk even though you still haven’t. You just keep making that claim without actually answering lol
Here you go! https://lemmy.cafe/comment/15393162
Happy to help!
It has to do with the proxying URLs on images [A rare instance related issue]
On the clients that were mentioned:
Here’s Thunder
Here’s the dbzer0 web interface
All with proper crossposting menus, anything else you’d like to misrepresent or lie about?
