The Cortex XDR Managed Threat Hunting team, part of Unit 42, identified a malicious Microsoft Word document, disguised as a password-protected NortonLifelock document, being used in a phishing campaign to deliver a commercially available remote access tool (RAT) The use of this NetSupport Manager RAT for unauthorized access has been observed in phishing campaigns since at least 2018. The document appears to contain personal information that requires a password to view. Once the user clicks Enable Content, the macro is executed and the user is presented with a password dialog box. The password is provided in the phishing email, as it accepts only the letters c or C”]
Source: https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/