sczriptzzbn inject pushes malware for NetSupport RAT

A campaign nicknamed "sczriptzzbn inject" can be identified by script using a variable named sczriptzzbn injected into files returned from a compromised website. This injected script causes a fake browser update page to appear in the victim's browser.

REFERENCE: https://isc.sans.edu/diary/rss/29170

TAGS: RAT, Malware, Fake Browser

MALWARE FAMILY: RAT

ATT&CK IDS: TA0003 - Persistence, T1055 - Process Injection, T1219 - Remote Access Software

Read More:

https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d