SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Summary

Unknown threat actors are conducting a large-scale campaign that uses SEO-poisoned websites to distribute malicious software installers. The installers are disguised as popular software and use the ScreenConnect remote access tool to deploy AsyncRAT.

IFF Assessment

FOE

This campaign highlights a sophisticated attack vector using SEO manipulation and a legitimate remote access tool to deploy malware, posing a significant threat to defenders.

Defender Context

Defenders should be aware of this campaign's technique, which combines SEO poisoning with the abuse of legitimate tools like ScreenConnect for malware delivery. It calls for vigilance in monitoring software downloads and for educating users about the risks of obtaining software from unofficial sources.
