New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites

Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access.

Security analytics and operations management platform Securonix recently published details on a tricky new malware campaign they named JS#SMUGGLER. This attack delivers a powerful tool known as NetSupport RAT, giving hackers complete, secret control over victims’ computers.

Securonix’s Threat Research team, including analysts Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee, conducted the analysis, which was shared with Hackread.com.

The Three-Step Infection

The entire attack is designed in three stages to make sure security systems don’t notice it. The process begins when a user simply visits a compromised website. The first step uses an obfuscated JavaScript loader. Obfuscation means the hackers purposely jumble their code, even hiding the malicious instructions ...