SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Summary
Unknown threat actors are conducting a large-scale campaign that uses SEO-poisoned websites to distribute malicious software installers. The installers are disguised as popular software and use the ScreenConnect remote access tool to deploy AsyncRAT.
IFF Assessment
FOE
This campaign highlights a sophisticated attack vector using SEO manipulation and a legitimate remote access tool to deploy malware, posing a significant threat to defenders.
Defender Context
Defenders should be aware of this campaign's technique, which combines SEO poisoning with the abuse of legitimate tools like ScreenConnect for malware delivery. It calls for vigilance in monitoring software downloads and for educating users about the risks of obtaining software from unofficial sources.