Threat actors are currently utilizing NetSupport RAT, a remote access trojan [1] [2] [3], to target the education [1] [2] [3], government [1] [2] [3], and business services sectors [1] [2] [3]. This article provides an overview of the tactics employed by these threat actors and the potential risks associated with NetSupport RAT.


NetSupport RAT is typically distributed through deceptive websites, fake browser updates [1] [3], fraudulent updates [1] [2], drive-by downloads [1] [2], malware loaders like GHOSTPULSE [2], and phishing campaigns [1] [2]. Recent reports from a cybersecurity firm have identified 15 new infections related to NetSupport RAT. Once installed, this trojan enables threat actors to monitor user behavior, transfer files [1] [3], manipulate computer settings [1] [3], and spread to other devices within the network [1] [3]. It is often linked to SocGholish, a JavaScript-based downloader malware [3], which in turn propagates a loader malware known as BLISTER. These details are relevant to understanding the specific sectors targeted by NetSupport RAT.


The use of NetSupport RAT poses significant risks to the education, government [1] [2] [3], and business services sectors [1] [2] [3]. Organizations within these sectors should be vigilant and implement robust cybersecurity measures to detect and prevent infections. It is crucial to educate users about the potential dangers of deceptive websites, fake updates, and phishing campaigns [1] [2]. Additionally, ongoing monitoring and timely response to new threats are essential to mitigate the impact of NetSupport RAT and similar trojans.