NetSupport Manager Remote Control Software Delivered in Malicious Campaign
FireEye recently identified a new malicious operation that leverages compromised websites to install the NetSupport Manager remote control software on systems, unbeknownst to users. When visited, these websites prompt the user to download and install the NetSupport Manager executable disguised as updates for popular applications such as Adobe Flash, Chrome, and Firefox. Since this remote access software is a legitimate tool commonly used by administrators to gain authorized remote access to computers on a network, it may evade antivirus detection when delivered by this campaign, especially if the tool has been whitelisted in the environment. The NJCCIC recommends all network administrators review FireEye’s report for additional information and scan all systems for the associated indicators of compromise (IoCs). Current users and administrators of the NetSupport Manager remote control software are encouraged to audit all instances of the software on their network to ensure secure configurations and help differentiate between legitimate and potentially malicious installations.
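One way to run the recommended audit, as an added example that is not part of the advisory or FireEye's report: compare each discovered installation against an approved baseline of install directory and gateway. The file names `client32.exe` and `client32.ini`, the `GatewayAddress` key, the baseline values, and the inventory records are assumptions or constructed samples; substitute your own inventory export.

```python
import ntpath

# Assumptions, not from the advisory: the NetSupport client binary is
# client32.exe and its settings sit beside it in client32.ini, with the
# gateway stored under the GatewayAddress key.
# Baseline values below are constructed; replace with your approved ones.
APPROVED_DIRS = {r"c:\program files (x86)\netsupport\netsupport manager"}
APPROVED_GATEWAYS = {"nsm-gw.corp.example:443"}

def gateway_addresses(ini_text):
    """Return every GatewayAddress value in a client32.ini body.
    Parsed line by line so stray non-INI lines do not abort the audit."""
    found = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "gatewayaddress":
            found.append(value.strip().lower())
    return found

def audit(record):
    """Return reasons an installation needs review (empty list = matches baseline)."""
    reasons = []
    folder = ntpath.dirname(ntpath.normpath(record["path"])).lower()
    if folder not in APPROVED_DIRS:
        reasons.append("outside approved directory: " + folder)
    for gw in gateway_addresses(record.get("ini", "")):
        if gw not in APPROVED_GATEWAYS:
            reasons.append("unapproved gateway: " + gw)
    return reasons

def review_list(inventory):
    """Map host -> reasons for every installation that deviates from the baseline."""
    flagged = {}
    for rec in inventory:
        reasons = audit(rec)
        if reasons:
            flagged[rec["host"]] = reasons
    return flagged

# Constructed sample inventory (e.g. from an EDR or software-inventory export).
INVENTORY = [
    {"host": "ws-014",
     "path": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe",
     "ini": "[HTTP]\nGatewayAddress=nsm-gw.corp.example:443\n"},
    {"host": "ws-027",
     "path": r"C:\Users\alice\AppData\Roaming\updater\client32.exe",
     "ini": "0x0000\n[HTTP]\nGatewayAddress=gw.unknown.example:443\n"},
]

if __name__ == "__main__":
    for host, reasons in review_list(INVENTORY).items():
        print(host, "->", "; ".join(reasons))
```

Installations that match the baseline are not proven benign; the check only narrows which hosts need a closer look alongside the IoCs in FireEye's report.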