Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

December 3, 2024 at 12:51AM A new malware campaign named Horns&Hooves targets users and businesses in Russia, infecting over 1,000 victims since March 2023. It delivers NetSupport RAT and BurnsRAT, utilizing deceptive email attachments to install additional malware. The threat is linked to group TA569, known for facilitating ransomware attacks and data theft. ### Meeting … Read more

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store. … Read more

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to … Read more

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

March 19, 2024 at 02:15AM A new phishing campaign dubbed Operation PhantomBlu is using a sophisticated technique to deploy NetSupport RAT, targeting U.S. organizations with salary-themed phishing emails and exploiting Microsoft Office document templates. Additionally, threat actors are increasingly abusing public cloud services and data-hosting platforms to generate undetectable phishing URLs, sold on underground platforms. … Read more

NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors

November 20, 2023 at 11:01AM Threat actors are using a remote access trojan called NetSupport RAT to target the education, government, and business services sectors. The trojan is delivered through fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns. The cybersecurity firm VMware Carbon Black has detected 15 new infections related to NetSupport RAT in … Read more