NetSupport RAT Java-based loader deployment
Malware Activity
Summary
Hide ▲
Show ▼
The NetSupport RAT delivery chain is installing remote-access malware on victim systems, enabling remote control after phishing and loader execution. The activity matters because it uses Java-based loaders and JAR files to blend into normal software flow while adding persistence and evasion measures.
Related Happenings
NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan
Malware Activity
H score22
First: 27.11.2025 20:13
Last: 27.11.2025 20:13
Sources 1
About this happening:
The **NetSupport RAT** activity used **malicious JAR loaders** to reach victims in **Kyrgyzstan** and **Uzbekistan**, extending a targeted phishing operation across **Central Asia...
NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan
Malware ActivityAbout this happening: The **NetSupport RAT** activity used **malicious JAR loaders** to reach victims in **Kyrgyzstan** and **Uzbekistan**, extending a targeted phishing operation across **Central Asia...
Bloody Wolf Central Asia spear-phishing campaign
Campaign
H score33
First: 27.11.2025 18:00
Last: 27.11.2025 18:00
Sources 1
How related:
Advisories published this week report the discovery of a sustained campaign operated by Bloody Wolf in Kyrgyzstan since at least June 2025, before extending its reach to Uzbekistan by early October.
About this happening:
The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in **Kyrgy...
Bloody Wolf Central Asia spear-phishing campaign
CampaignHow related: Advisories published this week report the discovery of a sustained campaign operated by Bloody Wolf in Kyrgyzstan since at least June 2025, before extending its reach to Uzbekistan by early October.
About this happening: The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in **Kyrgy...
ClickFix Finger protocol campaign targeting Windows devices
Campaign
H score33
First: 15.11.2025 20:46
Last: 15.11.2025 20:46
Sources 1
About this happening:
A **ClickFix** campaign is abusing the **Finger protocol** to retrieve and execute remote commands on **Windows devices**, turning a legacy command into a malware-delivery path. T...
ClickFix Finger protocol campaign targeting Windows devices
CampaignAbout this happening: A **ClickFix** campaign is abusing the **Finger protocol** to retrieve and execute remote commands on **Windows devices**, turning a legacy command into a malware-delivery path. T...
Timeline
-
27.11.2025 18:00 2 articles · 7mo ago
NetSupport RAT Java-based loader deployment
Initial DisclosureVictims who open the downloaded **JAR** trigger a **Java-based loader** that fetches extra components and installs **NetSupport RAT** for remote control. The loader then adds **autorun** and **scheduled-task** persistence while showing fake errors to distract users.
Show sources
- Bloody Wolf Threat Actor Expands Activity Across Central Asia — www.infosecurity-magazine.com — 27.11.2025 18:00
- Bloody Wolf Threat Actor Expands Activity Across Central Asia — www.infosecurity-magazine.com — 27.11.2025 18:00