Threat actors are increasingly using the NetSupport RAT (Remote Access Trojan) to target education, and business sectors. VMware Carbon Black researchers report that the delivery methods for NetSupport RAT include fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns. In the past few weeks, at least 15 new infections related to NetSupport RAT have been detected. Originally a legitimate remote administration tool, NetSupport Manager has been exploited by malicious actors to serve as a starting point for subsequent attacks. The trojan is typically downloaded through deceptive websites and fake browser updates. Once installed on a victim's device, NetSupport RAT can monitor behavior, transfer files, manipulate settings, and spread to other devices on the network. The malware has been associated with various tactics, including the use of compromised WordPress sites for distribution.