New blog post! In this one I take a look at a malicious installer that installs NetSupport Manager onto an unwitting victim, and I walk through artifacts you can find when it's used as malware.
https://forensicitguy.github.io/netsupport-manager-malicious-installer/
NetSupport Manager RAT from a Malicious Installer
Adversaries love to use pre-made tools for remote access, and one perennial favorite is the legitimate NetSupport Manager. This post is a short and sweet look at a malicious installer that distributes NetSupport Manager to unwitting victims, giving adversaries remote control of their systems. If you want to follow along at home, I’m working with this file from MalwareBazaar: https://bazaar.abuse.ch/sample/8ccff473270017f72b0910ea0404d670cc6c0ebee16977accc7cbcf137ba168b/.