In early January 2024, eSentire’s machine learning detected malicious PowerShell script execution associated with SmartApeSG, a threat actor distributing NetSupport RAT via fake browser updates. The threat begins with the end user visiting a compromised site serving a ZIP with a JavaScript file that retrieves and executes a PowerShell command to download, decode, and deploy NetSupport components. This highlights social engineering via fake updates, obfuscation techniques, decoding malware, and typical deployment strategies. Recommendations include training users on malicious content, restricting risky file types, providing approved software downloads, and using antivirus, NGAV, and EDR to detect threats.

Click for details.