Jun 9, 2026
C2 Hosts: 1
SmartApeSG
Also known as: HANEYMANEY, ZPHP
According to Proofpoint, this is a cluster of fake update campaigns delivering payloads like NetSupportManager RAT and Lumma Stealer.
C2 Infrastructure
Hosting/VPS 90%
ISP/Residential 10%
Last 7 days
Jun 8, 2026
C2 Hosts: 3
Jun 6, 2026
C2 Hosts: 1
Jun 5, 2026
C2 Hosts: 2
Jun 4, 2026
C2 Hosts: 1
Jun 3, 2026
C2 Hosts: 2
| Date | C2 Hosts |
|---|---|
| Jun 9, 2026 | 1 |
| Jun 8, 2026 | 3 |
| Jun 6, 2026 | 1 |
| Jun 5, 2026 | 2 |
| Jun 4, 2026 | 1 |
| Jun 3, 2026 | 2 |
Further Reading
Tracing the Path from SmartApeSG to NetSupport RAT | Team Cymru opens in a new tab
Investigation reveals how SmartApeSG delivers NetSupport RAT, exposing links to RAT clusters, crypto services, and suspicious infrastructure. Learn more.
team-cymru.com
SmartApeSG walkthrough - ThreatDown by Malwarebytes opens in a new tab
In this walkthrough, we test SmartApeSG, a malware campaign distributed via compromised sites.
threatdown.com