As reported by HackRead, a sophisticated malware campaign dubbed JS#SMUGGLER has been identified, capable of delivering the potent NetSupport RAT to gain covert control over victim computers. Security analytics platform Securonix detailed the three-stage infection process designed to evade detection.The JS#SMUGGLER campaign begins when a user visits a compromised website, triggering an obfuscated JavaScript loader. This script checks for desktop users and runs only once to avoid suspicion before fetching the next stage. The second stage involves a hidden HTML Application (HTA) executed via mshta.exe. This HTA contains heavily encrypted code, layered with AES-256-ECB, Base64, and GZIP, ensuring it decodes only in memory and avoids writing malicious files to disk. The final stage deploys NetSupport RAT, a legitimate IT tool repurposed by attackers for malicious remote access. Once installed, the RAT allows hackers to take full control of desktops, steal files, execute commands, and conduct surveillance. The malware is made persistent through a fake startup shortcut, such as one named WindowsUpdate.lnk, ensuring it launches automatically upon login.The multi-layered tactics employed by JS#SMUGGLER highlight the evolving sophistication of cyber threats. This campaign underscores the critical need for enhanced endpoint defenses capable of detecting suspicious script activity and unauthorized process execution. Users are advised to exercise extreme caution with software downloads and to maintain vigilance against advanced persistent threats that leverage legitimate tools for malicious purposes.Source: HackRead
Malware, Security Operations
JS#SMUGGLER campaign delivers NetSupport RAT via multi-stage attack

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


