New Phishing Campaign Delivers NetSupport Manager RAT Via MS Word

Researchers have discovered a new phishing campaign in the wild that targets users with a RAT. Briefly, this phishing campaign delivers NetSupport Manager RAT via malicious Word files.

Phishing Campaign Delivering NetSupport Manager RAT

Reportedly, researchers from Palo Alto Networks’ Unit 42 division have uncovered a malicious phishing campaign delivering the NetSupport Manager RAT.

Elaborating on their findings in a blog post, the researchers stated that the hackers seemingly try to steal information from the victim machines through this RAT. They may also use the remote access they achieve via this tool for other malicious activities.

This RAT is typically used for legitimate purposes, allowing administrators remote access to client computers. However, malicious operators are installing it on victims’ systems to gain unauthorized access.

Briefly, the attack begins via phishing emails bearing a Word file as an attachment. The researchers noted an attachment named ‘NortonLifeLock’. This is a password-protected file that lures the user to open the document. The password for opening the file is probably contained in the email that delivers the attachment.

Upon enabling macros, a dialog box appears asking for the password. Entering the password then triggers malicious code execution, which leads to the deployment of NetSupport Manager RAT. Following its installation, the attacker gains complete access to the target system.

What’s unique about this campaign is that no malicious activity begins unless the victim enters the correct password to unlock the file.

Technical details about the phishing attack are available in the researchers’ post.

Possible Preventions

Measures to avoid falling victim to this campaign include disabling macros by default. As always, users must refrain from opening email attachments unless they are sure of the sender’s legitimacy. Organizations should also focus on training their employees regarding phishing attacks and cybersecurity.
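A mail-gateway triage check for the lure described above (a Word attachment whose password is supplied in the same email), given here as an added example that is not from the original article or the researchers' post. The extension list, keyword pattern, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Word file extensions to treat as risky attachments (assumed list).
WORD_EXTS = (".doc", ".docm", ".docx", ".dot", ".dotm")
# Body wording that hands the reader a password (assumed heuristic).
PASSWORD_HINT = re.compile(r"\b(password|passcode)\b", re.IGNORECASE)


def triage(raw_message: str) -> dict:
    """Report which traits of the described lure a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    word_files = [
        part.get_filename()
        for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(WORD_EXTS)
    ]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hint = bool(PASSWORD_HINT.search(text))
    # Hold the message only when both traits appear together.
    return {
        "word_attachments": word_files,
        "password_in_body": hint,
        "quarantine": bool(word_files) and hint,
    }


def build_sample(body: str, filename=None) -> str:
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Constructed sample"
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="msword", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    lure = build_sample("The password for the attached file is 1234.", "invoice.doc")
    print(triage(lure))
```

Requiring both traits keeps ordinary Word attachments and routine password-reset notices out of quarantine; either trait alone is only recorded in the result.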

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!
