Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers have identified a new campaign called JS#SMUGGLER that leverages compromised websites to distribute NetSupport RAT malware. The attack chain involves three main components: an obfuscated JavaScript loader injected into compromised websites, an HTML Application (HTA) that runs encrypted code, and the final NetSupport RAT payload. This campaign demonstrates the continued use of legitimate remote access tools for malicious purposes and highlights the risks of website compromises as distribution vectors for malware.