The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Overview
Kaspersky researchers have identified a large-scale campaign that uses compromised ScreenConnect software to deliver AsyncRAT, a remote access Trojan. Attackers are exploiting vulnerabilities in the legitimate ScreenConnect application to drop the malicious payload onto targeted systems. This incident raises concerns for users and organizations that rely on ScreenConnect for remote access, as they may unknowingly become victims of this malware. The report details the infection chain and the command-and-control (C2) infrastructure used in the attack, emphasizing the need for vigilance in software downloads and updates. Users should ensure they are downloading software from official sources and remain cautious of unsolicited software offers.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: ScreenConnect software, AsyncRAT
- Action Required: Users should ensure they download ScreenConnect from official sources and apply any available security updates.
- Timeline: Newly disclosed
Original Article Summary
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
Impact
ScreenConnect software, AsyncRAT
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Users should ensure they download ScreenConnect from official sources and apply any available security updates. Regularly monitor systems for unusual activity.