New Crime Campaign launches NetSupport Manager RAT Via MS Word
By Yash Kudal
Reportedly, researchers from the Palo Alto Networks Unit 42 team have found a phishing campaign by NetSupport manager RAT. Investigators say hackers are trying to steal information from victim’s machines through the RAT. They may also gain remote access by using this tool for other harmful activities.
In short, this attack starts with phishing emails containing word files as an attachment. Investigators have identified an attachment called ‘NortonLifeLock’. This is a password-protected file that lets the user open the document. The password required to open the file is enclosed within the email. When enabling macros, a dialog box appears and asks for a password. Password encryption then triggers malicious coding that results in the installation of NetSupport manager RAT. After its installation, the attacker gains complete access to the target system. What is unique about this campaign is that no malicious activity starts unless the victim logs in with the correct password to open the file.
Other ways to prevent victimization in this campaign include automatically disabling macros. As always, users should refuse to open any attachments in any email unless they are sure of the sender’s legitimacy. Organizations should also focus on training their staff in cybersecurity.