securelist.com 7/1/2026, 1:01:43 PM · external

Attackers misuse ScreenConnect to spread AsyncRAT via fake sites

Attackers misuse ScreenConnect to spread AsyncRAT via fake sites
CyberSIXT Evidence Panel Source marked as original reporting

THE article investigates a cyber attack using the legitimate remote access tool ScreenConnect, which was exploited to deploy the AsyncRAT remote access Trojan (RAT). The threat actors utilized spoofed software websites to distribute malicious installers, disguising their payloads as popular applications like OBS Studio and DS4Windows. Over 90 fraudulent domains were identified across multiple languages, indicating a broad and sophisticated campaign.

The analysis details the exploitation process, persistent mechanisms, and key infrastructure used by the attackers, emphasizing the importance of rigorous security measures to detect and mitigate such threats. Kaspersky suggests monitoring active services and implementing software installation controls.

View full article

Article by CyberSIXT