Latest posts tagged with #screenConnect on Bluesky
Malware detonation suggests that the threat actor was likely playing around with ScreenConnect RMM before
It also seems that the threat actor was previously playing around with the legitimate RMM #ScreenConnect (aka ConnectWise) before switching to their own fake RMM 🛠️
What also stands out: the majority of the botnet C2s were hosted at Contabo GmbH 🇩🇪
We track the threat on our platforms as #FakeRMM ⤵️
Rogue #ScreenConnect RMM 🕵️♂️
Botnet C2:
📡 no.windowupdateservice .com
📡 relay.windowupdateservice .com
📡193.26.115.51:8041
Payload delivery URL:
🌐 urlhaus.abuse.ch/url/3782937/
Malware sample 📄:
bazaar.abuse.ch/sample/77dc5...
More ScreenConnect RMM IOCs ⤵️
threatfox.abuse.ch/browse/tag/S...
📢⚠️ Hackers are hijacking PCs using fake Social Security emails that disable Windows protections and install #ScreenConnect as a remote access backdoor.
Read more: hackread.com/hackers-scre...
#CyberSecurity #Malware #Windows #RAT #CyberAttack
Falsa estensione ClawdBot per VSCode: il malware ora ti controlla da remoto
📌 Link all'articolo : www.redhotcyber.com/post/fal...
#redhotcyber #news #cybersecurity #hacking #malware #vscode #clawdbotagent #accessoRemoto #screenconnect
#screenconnect not connecting? No problem, system.config has you covered:
c2 on this sample is relay.t0up\\.top
When you distribute your malicious #screenconnect on your c2 🙃
app.any.run/tasks/5e815a05-a047-4010...
Finally saw something when installing those malicious #RMM #screenconnect (at https://mkaos.alwaysdata\\.net/eStatementSsaGov.msi
app.any.run/tasks/399383f4-5ab6-4f53...
#Fernwartung #ScreenConnect: #KritischeLücke ermöglicht #Schadcodeausführung #ITSecurity #CyberSecurity #Schadcode
heise.de/-11112865
📰 Peretas Gunakan Alat RMM untuk Meretas Sistem Kargo dan Mencuri Pengiriman Barang
👉 Baca artikel lengkap di sini: ahmandonk.com/2025/11/04/hackers-cargo...
#cargo #theft #cybersecurity #freight #pdq #connect #proofpoint #rmm #screenconnect #trucking
Cybercriminals are exploiting ScreenConnect RMM to gain unauthorized access. Stay alert and ensure your systems are updated. #CyberSecurity #RMM #ScreenConnect #Phishing #InfoSec Link: thedailytechfeed.com/threat-actor...
#evil #screenconnect (guess it's just my week) at gofile . io
2ca0dc3544cb47fe391f5203ab0325ed4584255914280ca2377d5aa3ae58c5eb
c2 connectwise\\.fun:8041
Threat Actors Market Stealthy New RAT as Alternative to ScreenConnect FUD Cybersecurity researchers have identified a concerning development in the underground cybercrime marketplace: a sophisticat...
#cyber #security #Cyber #Security #News #ScreenConnect
Origin | Interest | Match
Attackers trojanized ConnectWise ScreenConnect installers in exposed open directories to distribute AsyncRAT; observed IOCs include 176.65.139.119 and /Bin/ ClickOnce paths, with dual execution via .NET Assembly.Load or libPK.dll injection. #AsyncRAT #ScreenConnect #RMM https://bit.ly/3Iu93sl
Cybercriminals are exploiting ScreenConnect to deploy AsyncRAT and PowerShell RAT. Stay vigilant and ensure your software is up-to-date. #CyberSecurity #MalwareAlert #ScreenConnect #AsyncRAT Link: thedailytechfeed.com/cybercrimina...
This widely used Remote Monitoring tool is being used to deploy AsyncRAT to steal passwords | TechRadar www.techradar.com/pr...
#cybersecurity #ScreenConnect #AsyncRAT #fileless #malware
Attackers are exploiting ConnectWise ScreenConnect to drop AsyncRAT malware, giving remote control over infected systems.
#ConnectWise #ScreenConnect #AsyncRAT #Malware #CyberSecurity #RemoteAccessTrojan #Infosec securityaffairs.com/182090/malwa...
New investigation reveals attackers used a fileless malware chain via a compromised #ScreenConnect client to deploy AsyncRAT, enabling credential theft, keylogging, and wallet scans.
Read: hackread.com/fileless-mal...
#CyberSecurity #AsyncRAT #Malware #CyberAttack #InfoSec
🚨 ScreenConnect admins under siege
Since 2022, stealthy spear-phishing campaigns target #ScreenConnect super-admins via compromised Amazon SES emails and EvilGinx proxy pages.
Stolen credentials enable lateral movement and #ransomware deployment.
#ransomNews #CredentialHarvest #RMMThreat
Alert: Sophisticated phishing campaign targets ScreenConnect admins to steal credentials. Employs advanced techniques to bypass MFA. Stay vigilant! #CyberSecurity #Phishing #ScreenConnect Link: thedailytechfeed.com/sophisticate...
Controlling #Windows from #Linux - boom! 💥
Finally managed to get this #ScreenConnect alternative to compile on Windows with full Nvidia hardware encoding via #ffmpeg.
Maybe we will get an open source tool! This is capturing 4K, fullscreen #YouTube video complete with #NerdStats
Mac next? 😁
Asked an AI coding assistant what it thought about running a remote desktop relay in a FreeBSD jail using quic, ephemeral ports, magic packets, and dynamic PF firewall rules.
It's response...
#FreeBSD #RustScreen #Quic #CyberSecurity #ScreenConnect #OpenSource
Recent reliability and security hiccups around #ScreenConnect got me thinking: could we build something leaner, safer, and open?
Last night I spun up a proof-of-concept in #Rust (screenshot below).
If I'm developing an #OpenSource #RMM on Rust, seems next logical step.
ScreenConnect on-prem broke after ConnectWise revoked shared certs. I got Azure Key Vault signing working with a trusted OV cert. Full no-fluff walkthrough:
youtu.be/OJISrpHfo88
#ScreenConnect #MSP #CodeSigning #AzureKeyVault #ConnectWise
🛠️ Hackers have weaponized #ScreenConnect using Authenticode stuffing. Another trusted tool turned into a threat! zurl.co/bdN6j #SMIT #kyleTX #SMTX #BastropTX #connectWise #NotAgain #zeroTrus
Hackers turn ScreenConnect into malware using Authenticode stuffing reconbee.com/hackers-turn...
#hackers #screenConnect #malware #malwareattack #authenticode #cyberattack
