Cybersecurity researchers have sounded the alarm about a new malware campaign called JS#SMUGGLER, which is using hacked websites to distribute the NetSupport remote access trojan (RAT). Securonix analysed the attack method, describing it as a multi-stage sequence designed to evade detection and grant attackers full control of infected systems.
The chain begins with an obfuscated JavaScript loader that is injected into a compromised website. It then progresses to an HTML Application (HTA) file that launches encrypted PowerShell stagers through the Windows tool mshta.exe, followed by a PowerShell payload that downloads the main RAT.
According to researchers Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee, “NetSupport RAT enables full attacker control over the victim host, including remote desktop access, file operations, command execution, data theft and proxy capabilities.”
There is currently no clear link to a specific threat group or country. The campaign targets enterprise users by redirecting them through infected websites, indicating broad targeting rather than a focused sector-specific effort.
Securonix said the malware uses hidden iframes, scrambled JavaScript loaders and layered script execution. When a victim visits a compromised website, the injected script checks the device type. Mobile users are redirected to a full-screen ifram
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: