US organizations targeted with emails delivering NetSupport RAT

2024-03-22 12:48

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via "Nuanced" exploitation and by using an advanced detection evasion method.

The phishing emails prompts recipients to download an attached Office Word file to view their "Monthly salary report".

Zip file containing a single LNK file: a PowerShell dropper that retrieves and executes a script, which contains - among other things - an executable for the NetSupport RAT and a registry key designed to assure its persistence.

The NetSupport RAT. The NetSupport RAT is based on the legitimate remote desktop tool NetSupport Manager.

"Once installed on a victim's endpoint, NetSupport can monitor behavior, capture keystrokes, transfer files, commandeer system resources, and move to other devices within the network - all under the guise of a benign remote support software," the researchers said.

Attackers have previously been spotted exploiting a vulnerability in the Windows SmartScreen anti-phishing and anti-malware component to deliver the NetSupport RAT..

News URL

https://www.helpnetsecurity.com/2024/03/22/emails-delivering-netsupport-rat/

#email #RAT #US

News URL

Related news