NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors

News

Nov 20, 2023NewsroomMalware / Network Security

Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT.

“The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns,” VMware Carbon Black researchers said in a report shared with The Hacker News.

The cybersecurity firm said it detected no less than 15 new infections related to NetSupport RAT in the last few weeks.

While NetSupport Manager started off as a legitimate remote administration tool for technical assistance and support, malicious actors have misappropriated the tool to their own advantage, using it as a beachhead for subsequent attacks.

Cybersecurity

NetSupport RAT is typically downloaded onto a victim’s computer via deceptive websites and fake browser updates.

In August 2022, Sucuri detailed a campaign in which compromised WordPress sites were being used to display fraudulent Cloudflare DDoS protection pages that led to the distribution of NetSupport RAT.

NetSupport RAT

The use of bogus web browser updates is a tactic often associated with the deployment of a JavaScript-based downloader malware known as SocGholish (aka FakeUpdates), which has also been observed propagating a loader malware codenamed BLISTER.

The Javascript payload subsequently invokes PowerShell to connect to a remote server and retrieve a ZIP archive file containing NetSupport RAT that, upon installation, beacons out to a command-and-control (C2) server.

“Once installed on a victim’s device, NetSupport is able to monitor behavior, transfer files, manipulate computer settings, and move to other devices within the network,” the researchers said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Apple Boosts Spyware Alerts For Mercenary Attacks
EU Elections: Pro-Russian Propaganda Exploits Meta’s Failure to Moderate Political Ads
Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *