Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

JS#SMUGGLER compromised-website NetSupport RAT delivery campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The JS#SMUGGLER campaign is using compromised websites to deliver NetSupport RAT, creating a path to remote control, file operations, command execution, and data theft on enterprise hosts. The multi-stage chain matters because it hides the infection behind layered scripts and makes detection harder. The operation appears to be broad rather than tied to a single victim.

Related Happenings

JackFix ClickFix fake-adult-site phishing campaign

Campaign
First: 25.11.2025 16:18 Last: 25.11.2025 16:18 Sources 1

About this happening: The **JackFix** campaign is using **fake adult websites** and **ClickFix** lures to trick users into running malicious commands, enabling an infection chain that can drop **steale...

Open Happening

EVALUSION ClickFix phishing campaign delivering Amatera Stealer and NetSupport RAT

Campaign
First: 17.11.2025 18:53 Last: 17.11.2025 18:53 Sources 1

About this happening: The **EVALUSION** campaign is using **ClickFix** lures to push **Amatera Stealer** and **NetSupport RAT**, raising the risk of credential theft and remote access. Victims are bein...

Open Happening

Timeline

  1. 08.12.2025 19:37 2 articles · 5mo ago

    Securonix discloses JS#SMUGGLER NetSupport RAT delivery campaign

    Initial Disclosure

    Securonix says JS#SMUGGLER is a multi-stage web malware campaign that uses compromised websites to target enterprise users and deliver NetSupport RAT through obfuscated JavaScript, hidden iframes, an HTA launched with mshta.exe, and a PowerShell stager. The described chain profiles the victim device to steer mobile and desktop users down different infection paths, then decrypts and executes payloads designed to download the main malware for remote desktop access, file operations, command execution, data theft, and proxy capabilities.

    Show sources
    Open in new tab