The Reveal Platform
Intel Name: Deploying netsupport rat via wordpress & clickfix
Date of Scan: July 10, 2025
Impact: High
Summary: In May 2025, threat actors were found hosting malicious WordPress sites to distribute tampered versions of the legitimate NetSupport Manager Remote Access Tool (RAT). This report examines the techniques and tools used to deploy the NetSupport RAT, with a focus on malicious JavaScript. Attackers deliver links to these sites through phishing campaigns, including phishing emails, PDF attachments, and gaming websites. These methods aim to lure users into unknowingly downloading the malicious RAT payload.
