Tag: NetSupport RAT

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
News

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been seen distributing MSIX installers that ultimately lead to the deployment of NetSupport RAT by using malicious Google advertising that mimic reputable firms. According to a report released earlier this week by cybersecurity firm eSentire, the threat actors impersonated well-known organizations, such as AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet, using malicious websites. A persistent e-crime outfit that has been operating since 2013, FIN7 (also known as Carbon Spider and Sangria Tempest) first dabbled in attacks aimed at point-of-sale (PoS) devices to steal payment data before refocusing on ransomware campaigns to penetrate large firms. The threat actor has improved its...
New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
News

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

The goal of a recent phishing attempt is to infect American companies with the remote access malware known as NetSupport RAT. Operation PhantomBlu is the name given to the activities that is being tracked by the Israeli cybersecurity company Perception Point. Security researcher Ariel Davidpur stated, "The PhantomBlu operation introduces a nuanced exploitation method that deviates from the standard delivery mechanism of NetSupport RAT by leveraging OLE (Object Linking and Embedding) template manipulation, exploiting Microsoft Office document templates to execute malicious code while evading detection." A malicious branch of the legitimate remote desktop program NetSupport Manager read more New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT. Get up ...