November 20, 2023 at 11:01AM
Threat actors are using a remote access trojan called NetSupport RAT to target the education, government, and business services sectors. The trojan is delivered through fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns. The cybersecurity firm VMware Carbon Black has detected 15 new infections related to NetSupport RAT in recent weeks. Once installed, the trojan can monitor behavior, transfer files, manipulate settings, and spread to other devices on the network.
Key Takeaways:
– Threat actors are targeting the education, government, and business services sectors with a remote access trojan called NetSupport RAT.
– NetSupport RAT is typically downloaded onto a victim’s computer via deceptive websites and fake browser updates.
– Malicious actors have misappropriated NetSupport Manager, a legitimate remote administration tool, for subsequent attacks.
– Cybersecurity firm VMware Carbon Black has detected at least 15 new infections related to NetSupport RAT in the last few weeks.
– Compromised WordPress sites were used in a campaign to distribute NetSupport RAT through fraudulent Cloudflare DDoS protection pages.
– The deployment of NetSupport RAT often involves a JavaScript-based downloader known as SocGholish and a loader called BLISTER.
– Once installed, NetSupport RAT allows the attackers to monitor behavior, transfer files, manipulate computer settings, and move to other devices within the network.