Discussing the threat, the Microsoft Security Intelligence team posted on Twitter: “The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload.
“NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines”.
The RAT is also capable of compromising a victim’s Windows 10 machine even further by installing other malicious tools and scripts.
The Microsoft Security Intelligence team added on Twitter: “The NetSupport RAT used in this campaign further drops multiple components, including several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands”.
If you have already fallen victim to this campaign then you should assume your data has been compromised and that a malicious party has tried to steal your passwords.
Make sure you clean the infected device and change all passwords on your machine as well as those belonging to other computers on your network.
Published at Sat, 23 May 2020 06:01:00 +0000