Jun 3, 2026
C2 Hosts: 1
NetSupportManager RAT
Also known as: NetSupport
Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. The purpose of the NetSupport Manager tool is to enable users to receive remote technical support or provide remote computer assistance. However, cyber crooks have hijacked this useful application and misappropriated it to use it in their harmful campaigns. The name of the modified version of the NetSupport Manager has been labeled the NetSupport Manager RAT.
C2 Infrastructure
Hosting/VPS 67%
ISP/Residential 33%
Last 7 days
May 30, 2026
C2 Hosts: 1
May 28, 2026
C2 Hosts: 1
| Date | C2 Hosts |
|---|---|
| Jun 3, 2026 | 1 |
| May 30, 2026 | 1 |
| May 28, 2026 | 1 |
Further Reading
PrivateLoader: the loader of the prevalent ruzki PPI service opens in a new tab
PrivateLoader is a downloader malware family. It is used as part of a PPI service, to deliver payloads of multiple malware families.
blog.sekoia.io
NetSupport RAT and RMS in malicious emails opens in a new tab
Attackers are sending malicious scripts that download the Remote Manipulator System (RMS) build, known as BurnsRAT, and NetSupport RAT
securelist.com
GHOSTPULSE haunts victims using defense evasion bag o' tricks — Elastic Security Labs opens in a new tab
Elastic Security Labs reveals details of a new campaign leveraging defense evasion capabilities to infect victims with malicious MSIX executables.
elastic.co
GrayAlpha Unmasked: New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks opens in a new tab
Insikt Group exposes GrayAlpha’s evolving infrastructure and infection methods—including PowerNet and MaskBat loaders, fake 7-Zip sites, and the undocumented TAG-124 network—linking the group to FI...
recordedfuture.com
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs - Rewterz opens in a new tab
Severity High Analysis Summary Microsoft stated that it is disabling the ms-appinstaller protocol handler again after various threat actors exploited it as an initial access vector to distribute ma...
rewterz.com
Tracing the Path from SmartApeSG to NetSupport RAT | Team Cymru opens in a new tab
Investigation reveals how SmartApeSG delivers NetSupport RAT, exposing links to RAT clusters, crypto services, and suspicious infrastructure. Learn more.
team-cymru.com
SmartApeSG walkthrough - ThreatDown by Malwarebytes opens in a new tab
In this walkthrough, we test SmartApeSG, a malware campaign distributed via compromised sites.
threatdown.com
New OpcJacker Malware Distributed via Fake VPN Malvertising opens in a new tab
We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second hal...
trendmicro.com