Winsage
February 23, 2025
A significant alert has been issued regarding a new browser update threat targeting Microsoft Windows users, as reported by Palo Alto Networks’ Unit 42. Attackers are injecting malicious JavaScript into legitimate websites, misleading users into believing they need to update their browsers. These deceptive messages often use realistic branding and create urgency, prompting users to download and execute scripts that enable malware to retrieve the NetSupport RAT code. This malware allows for remote device control, data exfiltration, and modification of the Windows Registry, complicating its removal. On February 18, 2025, the NetSupport RAT delivered StealC, a credential-stealing malware designed to capture sensitive login information. The SmartApeSG campaign highlights the risks of social engineering and fileless attack techniques, exploiting trusted software update mechanisms. Recommended mitigation strategies include blocking domains linked to SmartApeSG, deploying signatures to detect malicious JavaScript, monitoring anomalous process relationships, restricting PowerShell execution policies, and educating employees about fake update prompts. Users are advised to follow conventional methods for browser updates, check for updates through their browsers, and ensure automatic updates are enabled.
