Loading
Yanuki
ARTICLE DETAIL
JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites | Conduent Data Breach Impacts Millions: What You Need to Know | Conduent Data Breach Exposes Millions of Americans | Why Smart People Fall For Phishing Attacks | Building AI-Enabled Cybersecurity Resilience | CISOs to Pour 2026 Budgets into AI as Cybersecurity Priorities Shift | Record Data Breaches in 2025: Key Takeaways and What It Means for You | Why Incident Response Plans Often Fail | Data Breaches Hit Record High in 2025: Steps to Protect Your Data | JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites | Conduent Data Breach Impacts Millions: What You Need to Know | Conduent Data Breach Exposes Millions of Americans | Why Smart People Fall For Phishing Attacks | Building AI-Enabled Cybersecurity Resilience | CISOs to Pour 2026 Budgets into AI as Cybersecurity Priorities Shift | Record Data Breaches in 2025: Key Takeaways and What It Means for You | Why Incident Response Plans Often Fail | Data Breaches Hit Record High in 2025: Steps to Protect Your Data

Cybersecurity / Cyber Attacks

JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites

Cybersecurity researchers have uncovered a sophisticated campaign named JS#SMUGGLER that leverages compromised websites to distribute the NetSupport RAT (Remote Access Trojan). This multi-stage attack grants cybercriminals extensive control...

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Share
X LinkedIn

cybersecurity news today
JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites Image via The Hacker News

Key Insights

  • JS#SMUGGLER uses compromised websites to spread NetSupport RAT.
  • The attack involves a three-stage process: obfuscated JavaScript loader, hidden HTA execution, and PowerShell payload delivery.
  • NetSupport RAT allows attackers to remotely control desktops, steal data, and execute commands.
  • The campaign employs multiple layers of obfuscation and evasion techniques to avoid detection.
  • Why this matters: This campaign demonstrates the increasing sophistication of web-based malware attacks and the need for enhanced security measures to protect against remote access threats.

In-Depth Analysis

The JS#SMUGGLER campaign is a complex, multi-stage web-based malware operation. Here's a breakdown:

1. **Compromised Websites:** Attackers inject a heavily obfuscated JavaScript loader ("phone.js") into compromised websites. This loader is retrieved from attacker-controlled domains. 2. **Device Profiling:** The JavaScript loader profiles the device visiting the website. Mobile users are redirected to a full-screen iframe, while desktop users trigger a remote script injection. 3. **Hidden HTA Execution:** A malicious HTML Application (HTA) is executed silently using "mshta.exe," a legitimate Windows component. This HTA deploys a fileless PowerShell stager. 4. **PowerShell Payload:** The PowerShell stager decrypts and executes a payload in memory, avoiding detection. This payload retrieves and deploys NetSupport RAT. 5. **NetSupport RAT Deployment:** NetSupport RAT is installed, granting attackers complete remote control over the compromised host. The malware achieves persistence by creating a disguised shortcut in the Windows Startup folder.

This campaign uses multiple evasion techniques, including obfuscation, encryption, and fileless execution, to bypass traditional security measures. The attackers also employ a tracking mechanism to ensure the malicious logic is fired only once per visit, minimizing the chances of detection.

Read source article

FAQ

What is JS#SMUGGLER?

JS#SMUGGLER is a sophisticated, multi-stage web-based malware campaign that uses compromised websites to distribute the NetSupport RAT.

What is NetSupport RAT?

NetSupport RAT (Remote Access Trojan) is a legitimate remote administration tool that is being used maliciously to gain unauthorized access and control over victim systems.

How can I protect myself from this type of attack?

Validate all software downloads carefully, strengthen your endpoint defenses to detect suspicious script activity, enforce strict script execution policies, enable PowerShell logging, and monitor Startup folder changes.

Takeaways

  • The JS#SMUGGLER campaign highlights the importance of being cautious when visiting websites, as even legitimate sites can be compromised.
  • Organizations and individuals should implement robust security measures, including endpoint detection and response (EDR) solutions, to detect and prevent such attacks.
  • Regular security audits and employee training can help reduce the risk of falling victim to web-based malware campaigns.

Discussion

Do you think these types of attacks will become more common? What security measures do you have in place to protect against them? Share this article with others who need to stay ahead of this trend!

Sources

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT Sophisticated Multi-Stage JS#SMUGGLER Attack Installs 'NetSupport RAT' to Seize Complete System Control New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites

Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.

All content is provided for general informational purposes only and does not constitute financial, legal, or professional advice. Yanuki makes no representations or warranties regarding the reliability or completeness of the information.

This article may include links to external sources for further context. These links are provided for convenience only and do not imply endorsement.

Always do your own research (DYOR) before making any decisions based on the information presented.

Related Stories

Cybersecurity / Data Breach

Conduent Data Breach Impacts Millions: What You Need to Know

A significant data breach at Conduent, a business services provider, has exposed the sensitive personal and medical information of millions of individuals across the United States. This incident has triggered investigations and lawsuits, ra...

Massive data breach at N.J. company that exposed millions being investigated as lawsuits are filed

Cybersecurity / Data Breaches

Conduent Data Breach Exposes Millions of Americans

A significant data breach at Conduent, a major government tech contractor, has impacted millions of Americans, exposing sensitive information like Social Security numbers and medical data. This incident highlights the increasing risks assoc...

Conduent data breach impacts more than 181,000 New Hampshire residents

Cybersecurity / Phishing

Why Smart People Fall For Phishing Attacks

Despite advancements in cybersecurity, phishing attacks remain a persistent threat, often exploiting human psychology and cognitive biases. This article explores why even smart people fall victim to these scams and offers strategies for sta...

Why Smart People Fall For Phishing Attacks

Cybersecurity / AI Security

Building AI-Enabled Cybersecurity Resilience

Artificial intelligence is fundamentally changing the cybersecurity landscape. Organizations are shifting their focus to AI-driven solutions to enhance resilience against increasingly sophisticated AI-enabled cyber threats. This article exp...

How can we build intelligent resilience against cyber threats in the age of AI

Cybersecurity / AI

CISOs to Pour 2026 Budgets into AI as Cybersecurity Priorities Shift

A recent survey by Glilot Capital indicates a major shift in cybersecurity investment, with nearly 80% of CISOs planning to allocate significant portions of their 2026 budgets to AI-driven cybersecurity solutions and automation. This reflec...

These A.I. Dreamers Don’t Fit the Stereotype

Cybersecurity / Data Breaches

Record Data Breaches in 2025: Key Takeaways and What It Means for You

2025 saw a record number of data breaches, according to a recent report. While the number of breaches increased, the number of victim notifications decreased, suggesting a shift towards smaller, more targeted attacks. This article summarize...

Report finds record number of data breaches in 2025

Cybersecurity / Incident Response

Why Incident Response Plans Often Fail

Cybersecurity incidents can significantly disrupt operations and lead to substantial financial losses. Organizations often find that their incident response plans fall short when faced with real-world challenges. Understanding why these pla...

Why incident response breaks down when it matters most

Cybersecurity / Data Breaches

Data Breaches Hit Record High in 2025: Steps to Protect Your Data

In 2025, data breaches reached a new record high, underscoring the increasing vulnerability of personal information. The Identity Theft Resource Center (ITRC) reported a 5% increase in data compromises compared to the previous year, with 3,...

Data breaches climbed to a record high in 2025. How to protect your personal information