NetSupport RAT | Breaking Cybersecurity News | The Hacker News

The financially motivated threat actor known as  FIN7  has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of  NetSupport RAT . "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet," cybersecurity firm eSentire  said  in a report published earlier this week. FIN7 (aka Carbon Spider and Sangria Tempest) is a  persistent e-crime group  that's been active since 2013, initially dabbling in attacks targeting point-of-sale (PoS) devices to steal payment data, before pivoting to breaching large firms via ransomware campaigns. Over the years, the threat actor has refined its tactics and cyber weapon arsenal, adopting  various   custom malware  families such as BIRDWATCH, Carbanak, DICELOADER...

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker  Operation PhantomBlu . "The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT's typical delivery mechanism by leveraging OLE (Object Linking and Embedding) template manipulation, exploiting Microsoft Office document templates to execute malicious code while evading detection," security researcher Ariel Davidpur  said . NetSupport RAT is a  malicious offshoot  of a legitimate remote desktop tool known as NetSupport Manager, allowing threat actors to conduct a spectrum of data gathering actions on a compromised endpoint. The starting point is a salary-themed phishing email that purports to be from the accounting department and urges recipients to open the attached Microsoft Word document to view the "mont...

Organizations now use an average of 112 SaaS applications —a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that's just one major SaaS provider. Imagine other unforeseen critical security risks: Each SaaS app has unique security configurations —making misconfigurations a top risk. Business-critical apps (CRM, finance, and collaboration tools) store vast amounts of sensitive data, making them prime targets for attackers. Shadow IT and third-party integrations introduce hidden vulnerabilities that often go unnoticed. Large and small third-party AI service providers (e.g. audio/video transcription service) may not comply with legal and regulatory requirements, or properly test and review code. Major SaaS providers also have thous...

Threat actors are targeting the education, government and business services sectors with a remote access trojan called  NetSupport RAT . "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as  GHOSTPULSE ), and various forms of phishing campaigns," VMware Carbon Black researchers said in a report shared with The Hacker News. The cybersecurity firm said it detected no less than 15 new infections related to NetSupport RAT in the last few weeks.  While NetSupport Manager started off as a  legitimate remote administration tool  for technical assistance and support, malicious actors have misappropriated the tool to their own advantage, using it as a beachhead for subsequent attacks. NetSupport RAT is typically downloaded onto a victim's computer via deceptive websites and fake browser updates. In August 2022, Sucuri  detailed  a campaign in which compromised WordPress...