Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a legitimate accounting service. The phishing emails prompt recipients to download an attached Office Word file (.docx) to view their “monthly salary report”. After downloading the file, victims are instructed to enter the provided password, click “enable editing”, and then double-click a printer image to view the “salary graph.” But the clickable printer image is actually an Object Linking and Embedding (OLE) package, which is a Microsoft Windows feature that allows data and object sharing between applications.
Read more: https://www.helpnetsecurity.com/2024/03/22/emails-delivering-netsupport-rat/