Deploying NetSupport RAT via WordPress & ClickFix
Source: Cybereason
Excerpt:
Delivery Mechanism
Threat actors utilize phishing campaigns to distribute a malicious website link through:
- Phishing emails
- PDF attachments
- Gaming websites
Attack Flow
- Website Compromise: A malicious script injects an iframe on the compromised site when victims access it.
- DOM Manipulation: The threat actor manipulates the Document Object Model (DOM) to display a fake CAPTCHA page.
- Payload Delivery: Users, following the fake CAPTCHA instructions, download the NetSupport RAT.
- Post-Infection: The threat actor connects to the NetSupport Client process and performs reconnaissance using the NetSupport Remote Command Prompt.
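The iframe injection and fake CAPTCHA steps above can be watched for from the site owner's side. The following is an added example, not code from the Cybereason article: a page-integrity monitor that flags iframes added to the DOM after load. The allowlisted origin, the 90% overlay threshold and all names are assumptions.

```javascript
// Added example: origins, sizes and the allowlist are constructed assumptions.
const ALLOWED_FRAME_ORIGINS = new Set(["https://player.example.test"]);

// Pure check, testable without a browser.
// frame: { src, srcdoc, width, height, position } read from the element.
function classifyIframe(frame, pageOrigin, viewport) {
  const reasons = [];
  const src = (frame.src || "").trim();
  if (!src) {
    // Frames without a URL are filled by script or by inline markup.
    reasons.push(frame.srcdoc ? "inline-srcdoc" : "no-src");
  } else {
    try {
      const origin = new URL(src, pageOrigin).origin;
      if (origin !== pageOrigin && !ALLOWED_FRAME_ORIGINS.has(origin)) {
        reasons.push("off-site-origin");
      }
    } catch (err) {
      reasons.push("unparseable-src");
    }
  }
  // Assumption: the fake CAPTCHA is shown as an overlay covering the page.
  const covers = frame.width >= 0.9 * viewport.width &&
                 frame.height >= 0.9 * viewport.height;
  if (covers && (frame.position === "fixed" || frame.position === "absolute")) {
    reasons.push("full-viewport-overlay");
  }
  return reasons;
}

// Browser wiring: watch for iframes added after the initial parse.
if (typeof MutationObserver !== "undefined" && typeof document !== "undefined") {
  new MutationObserver((mutations) => {
    for (const m of mutations) for (const node of m.addedNodes) {
      if (node.nodeType !== 1) continue; // elements only
      const frames = node.matches("iframe") ? [node] : [...node.querySelectorAll("iframe")];
      for (const el of frames) {
        const box = el.getBoundingClientRect();
        const reasons = classifyIframe({
          src: el.getAttribute("src"), srcdoc: el.getAttribute("srcdoc"),
          width: box.width, height: box.height,
          position: getComputedStyle(el).position,
        }, location.origin, { width: innerWidth, height: innerHeight });
        if (reasons.length) console.warn("injected iframe", reasons, el.outerHTML.slice(0, 200));
      }
    }
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

A Content-Security-Policy `frame-src` allowlist enforces the same origin rule in the browser itself; the monitor adds visibility into frames that would otherwise load silently.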
To read the complete article see:
NetSupport RAT via WordPress & ClickFix
This post is licensed under CC BY 4.0 by the author.