1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This widely used Remote Monitoring tool is being used to deploy A

    From TechnologyDaily@1337:1/100 to All on Thu Sep 11 17:30:09 2025
    This widely used Remote Monitoring tool is being used to deploy AsyncRAT to steal passwords

    Date:
    Thu, 11 Sep 2025 16:20:00 +0000

    Description:
    A trojanized version of ScreenConnect is being shared via phishing, and later used to deploy AsyncRAT.

    FULL STORY ======================================================================Phishing
    emails are spreading a trojanized version of ScreenConnect, tricking victims into installing remote access malware Once installed, attackers deploy AsyncRAT, a fileless trojan that logs keystrokes, steals credentials, and
    more AsyncRATs stealth and open-source nature make it a favorite among
    diverse threat actors

    Criminals are using a trojanized version of a popular, legitimate remote access tool, to drop remote access trojans (RAT) on target devices, researchers are warning.

    Earlier this week, security researchers from LevelBlue said they saw phishing emails in which a tainted variant of ConnectWise ScreenConnect was being shared, masquerading as financial and other business documents.

    ConnectWise ScreenConnect is a remote access and remote support software, letting IT teams, help desks, and managed service providers (MSPs) do things like remote support, remote meetings, or unattended access. Fileless malware

    It also operates cross-platform, supporting desktop, mobile, and
    browser-based connections. However, it is one of the more abused programs, often seen in impersonation and identity theft attacks.

    Victims who fall for the phishing email and install ScreenConnect end up granting criminals unabated access to their devices, which they later use to stealthily deploy fileless malware called AsyncRAT.

    This remote access trojan, besides the obvious, also allows threat actors to log keystrokes, steal browser credentials, fingerprint the system, and look for cryptocurrency wallets and other wallet data - especially browser extensions.

    "Fileless malware continues to pose a significant challenge to modern cybersecurity defenses due to its stealthy nature and reliance on legitimate system tools for execution," LevelBlue said. "Unlike traditional malware that writes payloads to disk, fileless threats operate in memory, making them harder to detect, analyze, and eradicate."

    AsyncRAT is an open-source trojan first released in January 2019. Its accessibility has made it popular among a wide range of threat actors, from novice cybercriminals to more organized groups.

    It is usually distributed through phishing emails or malicious attachments
    and has appeared in multi-stage infection chains, including campaigns targeting healthcare organizations.

    While the malware itself is not tied to a specific group, various cybercriminals and emerging threat actors have widely adopted it for remote exploitation.

    Via The Hacker News You might also like AI-written malware is here, and
    going after victims already Take a look at our guide to the best
    authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-widely-used-remote-monitoring-tool -is-being-used-to-deploy-asyncrat-to-steal-passwords


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)