Threat actors are targeting the education, government, and business services sectors with a remote access trojan called NetSupport RAT. VMware Carbon Black researchers have reported that the delivery mechanisms for the NetSupport RAT include fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns. The cybersecurity firm has detected at least 15 new infections related to NetSupport RAT in the last few weeks.
NetSupport Manager, which originally served as a legitimate remote administration tool for technical assistance and support, has been misappropriated by malicious actors for their own advantage. They are using it as a beachhead for subsequent attacks. NetSupport RAT is typically downloaded onto a victim’s computer via deceptive websites and fake browser updates.
If you found this article interesting, follow us on Twitter and LinkedIn to read more exclusive content we post.