NetSupport RAT Campaigns Exploit ClickFix Lures

First reported

30.10.2025 12:54

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Threat actors continue to use ClickFix-style social engineering lures to distribute loaders for NetSupport RAT. This RAT is a legitimate Remote Monitoring and Management (RMM) tool that is misused for unauthorized remote control of compromised machines. The campaign coincides with an increase in phishing efforts distributing fileless versions of Remcos RAT, another tool advertised as legitimate but frequently used in hacking campaigns. The NetSupport RAT campaign is notable for its use of deceptive tactics to gain initial access, leveraging the trust associated with legitimate software to evade detection. The ongoing distribution of these RATs highlights the persistent threat posed by social engineering and the misuse of legitimate tools for malicious purposes.

Timeline

30.10.2025 12:54 1 articles · 11d ago

NetSupport RAT Campaigns Exploit ClickFix Lures
Threat actors are leveraging ClickFix-style social engineering lures to distribute loaders for NetSupport RAT, a legitimate RMM tool misused for unauthorized remote control of compromised machines. This campaign coincides with an increase in phishing efforts distributing fileless versions of Remcos RAT, another tool frequently used in hacking campaigns. The use of deceptive tactics to gain initial access underscores the persistent threat posed by social engineering and the misuse of legitimate software for malicious purposes.
Show sources

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising — thehackernews.com — 30.10.2025 12:54
Open in new tab

Information Snippets

NetSupport RAT is a legitimate RMM tool misused by threat actors for unauthorized remote control of compromised machines.
First reported: 30.10.2025 12:54

1 source, 1 article
Show sources
- ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising — thehackernews.com — 30.10.2025 12:54
The NetSupport RAT is primarily distributed via the ClickFix initial access vector, which involves social engineering lures.
First reported: 30.10.2025 12:54

1 source, 1 article
Show sources
- ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising — thehackernews.com — 30.10.2025 12:54
There has been a spike in phishing campaigns distributing fileless versions of Remcos RAT.
First reported: 30.10.2025 12:54

1 source, 1 article
Show sources
- ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising — thehackernews.com — 30.10.2025 12:54
Remcos RAT is advertised as legitimate software for surveillance and penetration testing but is frequently used in hacking campaigns.
First reported: 30.10.2025 12:54

1 source, 1 article
Show sources
- ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising — thehackernews.com — 30.10.2025 12:54