Also known as: NetSupport Manager, NetSupport Manager RAT
Category: Malware
Type: Trojan, remote access trojan, backdoor
Platform: Windows
Variants: Win32/RemoteAdmin.NetSupportManager.D, Win32/NetSupportRat!MTB, Win32/NetSupportRat.CCC!MTB
Damage potential: Unauthorized remote access, data theft, installation of additional malware, espionage and surveillance, system manipulation and control, ransomware attacks, disruption of services.
Overview
NetSupport RAT is a type of malware that takes advantage of a real and legitimate software product called NetSupport Manager. The software, which has been used for over 20 years as legitimate software, was originally created to help IT staff remotely manage and support computers, but cybercriminals repurposed it as a malicious tool to gain unauthorized access to victims' systems. Once installed, attackers can control the infected device, monitor user activity, steal data, and deploy other malicious software.
NetSupport RAT is particularly dangerous because it's built from legitimate software, which makes it harder for antivirus tools and security teams to spot it right away. It often runs quietly in the background, and you might come across it by clicking a suspicious link, downloading a fake update, or visiting a compromised website. Due to its legitimate nature and widespread availability, NetSupport Manager RAT is not linked to just one hacker group.
Possible symptoms
NetSupport RAT is incredibly stealthy and tries to avoid detection, but you may notice some unusual symptoms:
- Slower system performance or frequent crashes.
- A higher CPU or network usage.
- New or unknown processes running in the Task Manager.
- Files or programs on your computer that you don’t recognize or lower storage space.
- Unexplained changes to system settings.
Sources of the infection
NetSupport RAT can spread in many ways, often through phishing emails and malicious attachments. Other possible sources of infection include:
- Drive-by downloads from malware hosting websites.
- Peer-to-peer sharing of infected files.
- Malvertising, where malicious code is delivered through seemingly legitimate online ads
- Software bundles from unverified sources.
- Through an infected removable drive (USB, memory card, or external hard drive).
Protection
To protect yourself from NetSupport RAT or other malware infections, you need to be alert and follow common cybersecurity practices. Here are some tips to help you stay safer:
- Regularly update your operating system and all applications to patch vulnerabilities.
- Avoid visiting unverified or suspicious websites that may host harmful files.
- Be cautious when downloading and installing software, especially from unfamiliar sources.
- Never click on suspicious links or open unexpected email attachments. If you're unsure which email attachments are safe to open, avoid interacting with the email at all.
- Use NordVPN’s Threat Protection Pro™ to block malicious websites and harmful ads.
NetSupport RAT removal
You can remove the NetSupport RAT from your computer using a reputable and up-to-date antivirus program:
- Disconnect the infected device from the internet to prevent further unauthorized access.
- Boot the computer into safe mode to limit the malware's activity.
- Run a full system scan with trusted antivirus software.
- Follow the antivirus software’s instructions to remove the detected files.
- Uninstall any suspicious programs through your system’s control panel or settings.
- Update all software and security patches to prevent reinfection.
