NetSupport RAT Java-based loader deployment

Malware Activity
Happening score: 16
1 unique source, 1 article

Summary

The NetSupport RAT delivery chain installs remote-access malware on victim systems, enabling remote control after the phishing and loader-execution stages. The activity matters because it uses Java-based loaders and JAR files to blend into normal software activity while adding persistence and evasion measures.

Related Happenings

NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan

Malware Activity
First: 27.11.2025 20:13 Last: 27.11.2025 20:13 Sources 1

About this happening: The **NetSupport RAT** activity used **malicious JAR loaders** to reach victims in **Kyrgyzstan** and **Uzbekistan**, extending a targeted phishing operation across Central Asia...

Bloody Wolf Central Asia spear-phishing campaign

Campaign
First: 27.11.2025 18:00 Last: 27.11.2025 18:00 Sources 1

How related: Advisories published this week report the discovery of a sustained campaign operated by Bloody Wolf in Kyrgyzstan since at least June 2025, before extending its reach to Uzbekistan by early October.

About this happening: The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in Kyrgy...

ClickFix Finger protocol campaign targeting Windows devices

Campaign
First: 15.11.2025 20:46 Last: 15.11.2025 20:46 Sources 1

About this happening: A **ClickFix** campaign is abusing the **Finger protocol** to retrieve and execute remote commands on **Windows devices**, turning a legacy command into a malware-delivery path. T...

Timeline

  1. 27.11.2025 18:00 2 articles · 6mo ago

    NetSupport RAT Java-based loader deployment

    Initial Disclosure

    Victims who open the downloaded **JAR** trigger a **Java-based loader** that fetches extra components and installs **NetSupport RAT** for remote control. The loader then adds **autorun** and **scheduled-task** persistence while showing fake errors to distract users.
