Summary: An investigation by Team Cymru has exposed a connection between the SmartApeSG FakeUpdate campaign and the NetSupport RAT, highlighting the reuse of infrastructure and the entwined operations of both threats. The research revealed that SmartApeSG is exploiting users through deceptive update tactics while maintaining links to additional malicious activities, including connections with cryptocurrency-related platforms and fraudulent financial sites. Despite efforts to shut down these operations, threat actors are quickly adapting and finding new hosting solutions.
Affected: Team Cymru, SmartApeSG, NetSupport RAT, users visiting compromised websites
Key points:
- Discovery of an intricate network linking SmartApeSG to NetSupport RAT, utilizing fake update tactics.
- Geolocation of malicious hosts in Moldova using a platform with a free trial feature that aids rapid infrastructure turnover.
- Identification of connections to fraudulent financial sites and cryptocurrency platforms, revealing a broader network of misconduct.