Increasingly prevalent NetSupport RAT infections reported

Attacks involving the NetSupport RAT have become increasingly common, The Hacker News reports. More than 15 infections have been observed mostly in organizations in the education, government, and business sectors, in recent weeks, according to a report from VMware Carbon Black researchers. Fraudulent browser updates have been leveraged by threat actors to facilitate the distribution of the SocGholish downloader malware, also known as FakeUpdates, which then uses PowerShell to establish a remote server connection and facilitate the retrieval of a NetSupport RAT-containing ZIP archive file. Researchers also noted that the installation of NetSupport would then enable behavior tracking, file transfers, computer setting alterations, and lateral network movement. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns," said researchers. NetSupport RAT, which was once a remote access tool, was previously reported by Sucuri to have been spread through fake Cloudflare distributed denial-of-service protection pages.