Researchers warn of an increase in NetSupport RAT (Remote Access Trojan) infections impacting education, government, and business services sectors.
NetSupport Manager is a remote control and desktop management tool by NetSupport Ltd. Its initial role was to aid IT professionals in overseeing and controlling remote computers. The software enables remote operations like troubleshooting, distributing software, monitoring systems, and transferring files.
However, hackers have succeeded lately in using NetSupport Manager as a Remote Access Trojan (RAT). They use fake updates, malware loaders like GhostPulse, and phishing campaigns to deploy this software.
What`s new in the NetSupport RAT attacks
Researchers now say the attackers are using outdated versions of NetSupport RAT and disguise them with .BAT and .VBS files. Most recent attacks involved distributed NetSupport RAT through forged browser updates.
After visiting compromised websites, a malicious notification tricks the victims into downloading a fake browser update. Once the victim clicks on the download link, a Javascript payload gets on the victim’s device.
Then, the Javascript, named “Update_browser_10.6336.js,” fetches and runs a Powershell script from an external domain. After that, hackers download a ZIP file containing the NetSupport RAT. The archive includes multiple NetSupport dependencies, DLLs, and the NetSupport Manager.
Why is NetSupport RAT a danger to your organization’s safety?
After it gets into a company’s system, NetSupport RAT can:
- spy on user activities
- transfer files and exfiltrate data
- alter computer settings
- move laterally within the network
How can secure remote access practices keep you safe from NetSupport RAT
In a hybrid work environment secure remote access technologies help prevent all sorts of cyberattacks. So, here is a checklist of secure remote access best practices that I recommend against NetSupport RAT infections.
- Enforce Multi-Factor Authentication (MFA) across privileged accounts
- Implement Role-Based Access Control (RBAC)
- Patch and update software regularly
- Monitor and audit privileged sessions, to detect suspicious activity in time
- Educate employees to identify a phishing email
- Enforce the Principle of Least Privilege (POLP)
- Use a professional remote access & control tool to make sure your team doesn`t have to use unapproved solutions
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Heimdal® Remote Desktop Software
- Connect to any device and operating system;
- Invite more supporters to the same session;
- Connect from the Heimdal dashboard or desktop agent;
- Double encryption with RSA 2048/4096 and AES-256;