2024-12-17 (Tuesday): #SmartApeSG injected script leads to fake browser update page, and that page leads to a #NetSupport #RAT infection.
Just like my last post here, there are 2 injected scripts in a page from the compromised site, one using depostsolo[.]biz and one using tactlat[.]xyz.
A #pcap of the infection traffic, associated malware samples and more information are available at https://www.malware-traffic-analysis.net/2024/12/17/index.html
NetSupportRAT C2 for this campaign continues to be 194.180.191[.]64 since as early as 2024-11-22.
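
Added example (not part of the original post or its author's tooling): a Python check a site owner or responder could run over a saved copy of a page to list `<script>` tags that load from the two domains named above. The function names, the sample page, its paths, the `cdn.` subdomain and the `.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains exactly as defanged in the post; refanged only in memory.
POST_DOMAINS = ["depostsolo[.]biz", "tactlat[.]xyz"]

def refang(indicator):
    """Turn 'name[.]tld' back into 'name.tld' for matching."""
    return indicator.replace("[.]", ".").lower()

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def flagged_scripts(html, indicators=POST_DOMAINS):
    """Return (src, matched_domain) for scripts loaded from a listed domain."""
    watch = [refang(d) for d in indicators]
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        # urlsplit copes with absolute and protocol-relative (//host/path) URLs;
        # relative paths have no hostname and are skipped.
        host = (urlsplit(src).hostname or "").rstrip(".")
        hits += [(src, d) for d in watch if host == d or host.endswith("." + d)]
    return hits

# Constructed sample page (hypothetical paths and hosts, built from the list above).
A, B = (refang(d) for d in POST_DOMAINS)
SAMPLE_PAGE = f"""<html><head>
<script src="/js/site.js"></script>
<script src="https://{A.upper()}/constructed/a.js"></script>
<script async src="//cdn.{B}/constructed/b.js"></script>
<script src="https://{B}.example/constructed/c.js"></script>
</head><body>constructed</body></html>"""

if __name__ == "__main__":
    for src, domain in flagged_scripts(SAMPLE_PAGE):
        print(f"{src!r} loads from listed domain {domain}")
```

Matching is on the parsed hostname with an exact or dot-prefixed suffix comparison, so subdomains of a listed domain are flagged while a host that merely contains the name is not.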


