SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Read full story on The Hacker News
Share
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
AI disclosure

Summary

Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.

Original reporting

Open original source
Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.