Electronic SecurityNews

Hackers Employ RAT – Net Support Manager – to Install Malicious Code into Target System

The legit remote access tool (RAT) referred to as NetSupport Supervisor, utilized for troubleshooting and tech support, is being used as a malicious weapon by cybercriminals. Researchers at Palo Alto Networks’ Unit 42 unit have noticed a spam campaign making an attempt to deliver a malicious Microsoft Word doc that makes use of the disguise of a NortonLifeLock-protected file.

Hackers Employ RAT – Net Support Manager – to Install Malicious Code into Target System

NortonLifeLock is a security application for password-protecting attachments, among other issues. If a recipient opens the document through Microsoft Office Outlook, a dialog box appears that asks users to “allow content” to open the document – clicking “yes” executes macros.

Researchers stated the password is likely provided in the body of the phishing email since it has to be correct. No malicious activity takes place until the right key is typed. Once the key is approved, the macros build and execute a batch file titled ‘alpaca.bat’.

The campaign makes use of a range of techniques to unclear its activity from dynamic as well as static analysis, based on researchers. For instance, the batch script uses msiexec, which is a legit part of the Windows Installer service.

It’s utilized to install a Microsoft Intermediate Language (MSIL) binary from a real domain, which has been compromised. Once downloaded, the binary will execute using the /q parameter to stop any Windows dialogs from the user.

The campaign uses the PowerShell PowerSploit framework to install the malicious file. The MSI installs a PowerShell script in the sufferer’s %temp% directory titled REgistryMPZMZQYVXO.ps1.

This contains another PowerShell script that is used for installing the NetSupport Manager RAT onto the target’s system.


Carlton Peterson

Carlton is the contributing author of electronic security. His field of communication is fascinating since he writes about that side of the industry which is costly, less used but more inclined upon by developed countries. Electronic securities have been seeing an upward graph nowadays, but the current scenario still needs to be changed. Carlton’s articles reflect the real happening wrapped up in formally written words.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *