NetSupport Manager RAT used as part of malware campaign
Target: Users of infected sites
Attack Vector: Malicious links and adverts on compromised sites
Summary: Over the past few months, security analysts have observed a campaign that uses fake updates as a disguise to spread malware. The fake updates appear on compromised websites, which the threat actors now use to distribute their malware. In most cases the final payload installed was NetSupport Manager RAT (Remote Access Trojan), which, despite being commercially available software with legitimate uses, has previously been used for malicious cyber-activities and gives threat actors access to a victim's machine.
Risk assessment summary: The threat is assessed as 3d MODERATE. The RAT is commercially available for threat actors to use, and this attack vector has been exploited in the wild. Certain variants of the malware have been observed to feature a persistence mechanism, which may make removal of the RAT more difficult once it is present on a system. This, in tandem with the way it removes any trace of itself and adds itself to the trusted programs of a target system's firewall, helps to increase the likelihood of further infections. In addition, the risk of this RAT being used maliciously is significant, particularly because a remote attacker could take control of a system and theoretically carry out any operation a user would be able to.