RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files
AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign
Distribution of Malware Abusing LogMeIn and PDQ Connect
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of attacks abusing the RMM (Remote Monitoring and Management) tools LogMeIn Resolve (GoTo Resolve) and PDQ Connect. While the initial distribution method is unknown, the attacks involve a legitimate-looking website that disguises the malware as a normal program. When a user downloads
Infected Systems Controlled Through Remote Administration Tools – Detected by EDR (2)
Remote administration tools, also known as RATs, are software that provides the ability to manage and control terminals at remote locations. Recently, there has been an increase in cases where remote administration tools are installed instead of backdoor malware during the initial access or lateral movement phases to control the

