Crims create fake remote management vendor that actually sells a RAT
Summary
Cybercriminals are creating fake RMM (Remote Monitoring and Management) vendors to distribute RATs (Remote Access Trojans). Proofpoint researchers discovered this scheme, highlighting the abuse of legitimate software for malicious purposes.
IFF Assessment
FOE
The emergence of fake RMM vendors distributing RATs represents a new attack vector for cybercriminals, expanding the threat landscape defenders must cover.
Defender Context
Defenders should be wary of new RMM software vendors and their offerings. Organizations need to implement stringent vetting processes for all software, including RMM tools, and continuously monitor network traffic for unusual activity that could indicate the presence of a RAT. This scheme highlights the trend of threat actors abusing legitimate tools.