NetSupport RAT Java-based loader deployment
Malware Activity
Summary
The NetSupport RAT delivery chain is installing remote-access malware on victim systems, enabling remote control after phishing and loader execution. The activity matters because it uses Java-based loaders and JAR files to blend into normal software flow while adding persistence and evasion measures.
Related Happenings
NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan
Malware Activity
First: 27.11.2025 20:13
Last: 27.11.2025 20:13
Sources: 1
About this happening:
The **NetSupport RAT** activity used **malicious JAR loaders** to reach victims in **Kyrgyzstan** and **Uzbekistan**, extending a targeted phishing operation across **Central Asia...
Bloody Wolf Central Asia spear-phishing campaign
Campaign
First: 27.11.2025 18:00
Last: 27.11.2025 18:00
Sources: 1
How related:
Advisories published this week report the discovery of a sustained campaign operated by Bloody Wolf in Kyrgyzstan since at least June 2025, before extending its reach to Uzbekistan by early October.
About this happening:
The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in **Kyrgy...
ClickFix Finger protocol campaign targeting Windows devices
Campaign
First: 15.11.2025 20:46
Last: 15.11.2025 20:46
Sources: 1
About this happening:
A **ClickFix** campaign is abusing the **Finger protocol** to retrieve and execute remote commands on **Windows devices**, turning a legacy command into a malware-delivery path. T...
Timeline
- 27.11.2025 18:00 · 2 articles
NetSupport RAT Java-based loader deployment
Initial Disclosure
Victims who open the downloaded **JAR** trigger a **Java-based loader** that fetches extra components and installs **NetSupport RAT** for remote control. The loader then adds **autorun** and **scheduled-task** persistence while showing fake errors to distract users.
Sources:
- Bloody Wolf Threat Actor Expands Activity Across Central Asia — www.infosecurity-magazine.com — 27.11.2025 18:00
- Bloody Wolf Threat Actor Expands Activity Across Central Asia — www.infosecurity-magazine.com — 27.11.2025 18:00