Authors: Alex Murillo, Alan Ngo, Abe Schneider, Fae Carlisle
Contributors: Nikki Benoit

Executive Summary

For years, threat actors have been using legitimate software for illegitimate or malicious purposes. One such software is NetSupport Manager – a remote control application used for remote systems management. In recent years, however, threat actors have repurposed this software as a Remote Access Trojan (RAT) to infiltrate systems and utilize them as a launching point for subsequent attacks.

The Carbon Black Managed Detection & Response team, in collaboration with our Threat Analysis Unit, has observed over 15 new infections related to NetSupport RAT in the last few weeks. From the increase we noticed that the majority of the infections were from the Education, Government, and Business Services sectors. In this article we will delve into our methods for detecting and preventing this malware, along with providing valuable insights and resources for defenders.

NetSupport Manager began as genuine software 30 years ago for remote technical support use. The tool allowed file transfers, support chat, inventory management, and remote access. While it is legitimate software, threat actors have been using it in recent years as a Remote Access Trojan (RAT) – most notably spread in 2020 via a massive COVID-19 phishing campaign.

Due to its legitimate nature and widespread availability, NetSupport Manager is not exclusive to a singular threat actor. The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GhostPulse), and various forms of phishing campaigns. Multiple malicious entities, including the notorious TA569 – recognized for its SocGholish malware, incorporate this tool into their arsenal. Its accessibility renders it susceptible to use by a spectrum of threat actors, ranging from novice hackers to sophisticated adversaries.

Older variations of NetSupport RAT were seen utilizing. Only one of the many BAT files being dropped would be responsible for executing the RAT and establishing persistence. We have not observed these newer variants utilizing older methods.

In recent attacks, the NetSupport RAT has been observed to be downloaded onto a victim’s computer via deceptive websites and fake browser updates. Initial infection, however, can vary depending on the threat actor. The following infection showcases the victim getting tricked into downloading a fake browser update after visiting a compromised website. These infected websites host a PHP script which displays a seemingly authentic update.