Tech »  Topic »  NetSupport RAT Spreads Through Compromised WordPress Sites Using ClickFix Technique

NetSupport RAT Spreads Through Compromised WordPress Sites Using ClickFix Technique


The Cybereason Global Security Operations Center (GSOC) has uncovered a sophisticated campaign by threat actors who are exploiting compromised WordPress websites to distribute malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT).

This campaign, detailed in a recent report, employs phishing emails, PDF attachments, and even gaming websites to lure unsuspecting users into a multi-stage attack chain designed to deploy the NetSupport RAT payload.

Malicious Campaigns Leverage Phishing

The intricate use of malicious JavaScript and DOM manipulation techniques underscores the growing technical prowess of cybercriminals aiming to infiltrate systems for reconnaissance and further exploitation.

JavaScript files

The attack begins when victims are redirected to a malicious WordPress site through one of the aforementioned delivery methods.

Threat actors embed malicious JavaScript within the site’s meta description and anchor tags, triggering the download of a script named “j.js” from domains like islonline[.]org.

This script, which varies depending ...


Copyright of this story solely belongs to gbhackers . To see the full text click HERE