Threat actors are targeting the education, government and business services sectors with a remote access trojan called
NetSupport RAT.
"The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as
GHOSTPULSE), and various forms of phishing campaigns," VMware Carbon Black researchers said in a
report shared with The Hacker News.
The cybersecurity firm said it detected no less than 15 new infections related to NetSupport RAT in the last few weeks.
While NetSupport Manager started off as a
legitimate remote administration tool for technical assistance and support, malicious actors have misappropriated the tool to their own advantage, using it as a beachhead for subsequent attacks.
NetSupport RAT is typically downloaded onto a victim's computer via deceptive websites and fake browser updates.
