May 23, 2026
C2 Hosts: 4
SmartApeSG
Also known as: HANEYMANEY, ZPHP
According to Proofpoint, this is a cluster of fake update campaigns delivering payloads like NetSupportManager RAT and Lumma Stealer.
C2 Infrastructure
Hosting/VPS 100%
Last 7 days
| Date | C2 Hosts |
|---|---|
| May 23, 2026 | 4 |
Further Reading
Tracing the Path from SmartApeSG to NetSupport RAT | Team Cymru
Investigation reveals how SmartApeSG delivers NetSupport RAT, exposing links to RAT clusters, crypto services, and suspicious infrastructure. Learn more.
team-cymru.com
SmartApeSG walkthrough - ThreatDown by Malwarebytes
In this walkthrough, we test SmartApeSG, a malware campaign distributed via compromised sites.
threatdown.com