Deploying NetSupport RAT via WordPress & ClickFix
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A threat actor is using compromised WordPress websites to distribute a malicious version of NetSupport Manager Remote Access Tool (RAT). The attack chain involves phishing campaigns, website compromise, DOM manipulation, and a fake CAPTCHA page. The malware is delivered through a batch file that downloads and executes NetSupport Client files. Post-infection, the attacker uses NetSupport's features for reconnaissance and further exploitation. The attack utilizes various JavaScript files and DOM manipulation techniques to evade detection. Multiple IP addresses and domains associated with the attack infrastructure have been identified, primarily linked to hosting providers in Moldova.
OPENCTI LABELS :
phishing,netsupport rat,remote access,wordpress,post-exploitation,fake captcha,dom manipulation
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Deploying NetSupport RAT via WordPress & ClickFix