Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The Carbon Black Managed Detection & Response team is warning of a surge in the number of new infections related to NetSupport RAT in the last few weeks. The most impacted sectors are education, government, and business services. NetSupport […]

NetSupport RAT

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors.

The Carbon Black Managed Detection & Response team is warning of a surge in the number of new infections related to NetSupport RAT in the last few weeks. The most impacted sectors are education, government, and business services.

NetSupport RAT is a remote control and desktop management software developed by NetSupport Ltd. It is designed to facilitate IT administrators and support staff in managing and controlling multiple remote computers from a centralized location. NetSupport Manager allows users to perform various tasks remotely, including troubleshooting, software distribution, system monitoring, and file transfers.

In recent years, multiple threat actors, including the group TA569, have been observed using the software as a Remote Access Trojan (RAT). The software was delivered through fraudulent updates, drive-by downloads, malware loaders (i.e. GhostPulse), and other forms of phishing campaigns.

Carbon Black researchers observed threat actors using older variations of NetSupport RAT, which used .BAT and .VBS files as decoys. The researchers did not observe newer variants utilizing older methods.

In the attacks detected by Carbon Black, NetSupport RAT was distributed through fake browser updates.

“In recent attacks, the NetSupport RAT has been observed to be downloaded onto a victim’s computer via deceptive websites and fake browser updates.” reads the analysis published by Carbon Black Managed Detection & Response team.

“The following infection showcases the victim getting tricked into downloading a fake browser update after visiting a compromised website.  These infected websites host a PHP script which displays a seemingly authentic update.  When the victim clicks on the download link, an additional Javascript payload is downloaded onto the endpoint.”

NetSupport RAT

Upon downloading the Javascript (“Update_browser_10.6336.js“) it retrieves and execute a Powershell from an external domain (i.e. implacavelvideos[.]com). The Powershell is used to retrieve a ZIP archive containing NetSupport RAT that.

“Multiple NetSupport dependencies/DLL’s as well as the NetSupport Manager are contained within this decompressed file.” concludes the report published by Carbon Black that also includes Indicators of Compromise (IOC).”Once installed on a victim’s device, NetSupport is able to monitor behavior, transfer files, manipulate computer settings, and move to other devices within the network.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NetSupport RAT)