Heimdal

Researchers warn of an increase in NetSupport RAT (Remote Access Trojan) infections impacting education, government, and business services sectors.

NetSupport Manager is a remote control and desktop management tool by NetSupport Ltd. Its initial role was to aid IT professionals in overseeing and controlling remote computers. The software enables remote operations like troubleshooting, distributing software, monitoring systems, and transferring files.

However, hackers have lately succeeded in abusing NetSupport Manager as a Remote Access Trojan (RAT). They use fake updates, malware loaders like GhostPulse, and phishing campaigns to deploy this software.

What's new in the NetSupport RAT attacks

Researchers now say the attackers are using outdated versions of NetSupport RAT and disguising them with .BAT and .VBS files. The most recent attacks distributed NetSupport RAT through forged browser updates.

When victims visit a compromised website, a malicious notification tricks them into downloading a fake browser update. Once the victim clicks on the download link, a JavaScript payload is downloaded to the victim’s device.

Then, the JavaScript file, named “Update_browser_10.6336.js,” fetches and runs a PowerShell script from an external domain. After that, hackers download a ZIP file containing the NetSupport RAT. The archive includes multiple NetSupport dependencies, DLLs, and the NetSupport Manager.
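The chain described above (an update-themed script run by a script host, which then starts PowerShell) can be hunted for in process-creation telemetry. The following is an added example, not code from the article or the researchers it cites; it assumes events carry Sysmon-style `Image`, `CommandLine`, `ParentImage` and `ParentCommandLine` fields, and the sample events and the lure-name pattern are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Windows script hosts (.js/.vbs) plus cmd.exe, which runs .bat files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumption: the lure is named like a browser update, as with the
# "Update_browser_10.6336.js" file named in the article.
LURE = re.compile(r"update[\w .-]*browser|browser[\w .-]*update", re.I)
SCRIPT_FILE = re.compile(r'[^\s"]+\.(?:js|vbs|bat)\b', re.I)

def script_args(command_line):
    """Return the .js/.vbs/.bat paths referenced on a command line."""
    return SCRIPT_FILE.findall(command_line)

def classify(event):
    """Return a finding for one process-creation event, or None."""
    image = basename(event["Image"]).lower()
    parent = basename(event["ParentImage"]).lower()
    # Stage 2: PowerShell started by a host that is running a script file.
    if image in POWERSHELL and parent in SCRIPT_HOSTS:
        scripts = script_args(event["ParentCommandLine"])
        if scripts:
            lure = any(LURE.search(basename(s)) for s in scripts)
            return "script-spawned-powershell" + ("+update-lure" if lure else "")
    # Stage 1: a script host executing an update-themed script.
    if image in SCRIPT_HOSTS and any(
            LURE.search(basename(s)) for s in script_args(event["CommandLine"])):
        return "update-lure-script"
    return None

def scan(events):
    """Return (index, finding) for every event that matches a rule."""
    return [(i, f) for i, e in enumerate(events) if (f := classify(e))]

# Constructed sample events (not real telemetry); arguments are elided.
JS = r'wscript.exe "C:\Users\alice\Downloads\Update_browser_10.6336.js"'
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
def ev(image, cmd, parent, parent_cmd):
    return {"Image": image, "CommandLine": cmd,
            "ParentImage": parent, "ParentCommandLine": parent_cmd}
SAMPLE_EVENTS = [
    ev(r"C:\Windows\System32\wscript.exe", JS, r"C:\Windows\explorer.exe", "explorer.exe"),
    ev(PS, "powershell.exe <args elided>", r"C:\Windows\System32\wscript.exe", JS),
    ev(PS, "powershell.exe", r"C:\Windows\explorer.exe", "explorer.exe"),
    ev(r"C:\Windows\System32\cscript.exe", r"cscript.exe C:\IT\inventory.vbs",
       r"C:\Windows\System32\cmd.exe", "cmd.exe"),
]
if __name__ == "__main__": print(scan(SAMPLE_EVENTS))
```

A hit without the `+update-lure` suffix is only a hunting lead, since administrative scripts legitimately start PowerShell.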

Why is NetSupport RAT a danger to your organization’s safety?

After it gets into a company’s system, NetSupport RAT can:

  • spy on user activities
  • transfer files and exfiltrate data
  • alter computer settings
  • move laterally within the network

How can secure remote access practices keep you safe from NetSupport RAT?

In a hybrid work environment, secure remote access technologies help prevent all sorts of cyberattacks. So, here is a checklist of secure remote access best practices that I recommend against NetSupport RAT infections.

  • Patch and update software regularly
  • Monitor and audit privileged sessions, to detect suspicious activity in time
  • Educate employees to identify a phishing email

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
