• Business

    This widely used Remote Monitoring tool is being used to deploy AsyncRAT to steal passwords

    AnyFans Posted on

    By Sead Fadilpašić

    Copyright techradar

    This widely used Remote Monitoring tool is being used to deploy AsyncRAT to steal passwords

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

    Still use Skype at work? Bad news, hackers are targeting it with dangerous malware

    Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk

    That email from finance with your name in the subject line? It might just be a trap – here’s what researchers found about malware delivery

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Hackers are using fake NDAs to hit US manufacturers in major new phishing scam

    Enterprise security faces new challenge as attackers master art of digital impersonation

    SMBs are being hit by malicious productivity tools – Zoom and ChatGPT spoofed by hackers

    Be careful where you click in Google search results – it could be damaging malware

    Your employee logins are more valuable to criminals than ever – here’s how to keep them protected

    Over 11,000 Android devices hit by fake login RAT hidden in Meta Ads and fake Google Play store

    Hackers are abusing ‘FileFix’ technique to drop RATs during ransomware attacks

    Scattered Spider hackers are targeting US critical infrastructure via VMware attacks

    New Android RAT uses Near Field Communication to automatically steal money from devices

    Hackers are using fake Zoom apps to steal your data and your cryptowallet – here’s how to stay safe

    This widely used Remote Monitoring tool is being used to deploy AsyncRAT to steal passwords

    Sead Fadilpašić

    11 September 2025

    A trojanized version of ScreenConnect is being shared via phishing

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    (Image credit: wk1003mike / Shutterstock)

    Phishing emails are spreading a trojanized version of ScreenConnect, tricking victims into installing remote access malware
    Once installed, attackers deploy AsyncRAT, a fileless trojan that logs keystrokes, steals credentials, and more
    AsyncRAT’s stealth and open-source nature make it a favorite among diverse threat actors

    Criminals are using a trojanized version of a popular, legitimate remote access tool, to drop remote access trojans (RAT) on target devices, researchers are warning.

    Earlier this week, security researchers from LevelBlue said they saw phishing emails in which a tainted variant of ConnectWise ScreenConnect was being shared, masquerading as financial and other business documents.
    ConnectWise ScreenConnect is a remote access and remote support software, letting IT teams, help desks, and managed service providers (MSPs) do things like remote support, remote meetings, or unattended access.

    You may like

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

    Still use Skype at work? Bad news, hackers are targeting it with dangerous malware

    Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk

    Fileless malware
    It also operates cross-platform, supporting desktop, mobile, and browser-based connections. However, it is one of the more abused programs, often seen in impersonation and identity theft attacks.

    Victims who fall for the phishing email and install ScreenConnect end up granting criminals unabated access to their devices, which they later use to stealthily deploy fileless malware called AsyncRAT.
    This remote access trojan, besides the obvious, also allows threat actors to log keystrokes, steal browser credentials, fingerprint the system, and look for cryptocurrency wallets and other wallet data – especially browser extensions.
    “Fileless malware continues to pose a significant challenge to modern cybersecurity defenses due to its stealthy nature and reliance on legitimate system tools for execution,” LevelBlue said. “Unlike traditional malware that writes payloads to disk, fileless threats operate in memory, making them harder to detect, analyze, and eradicate.”

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    AsyncRAT is an open-source trojan first released in January 2019. Its accessibility has made it popular among a wide range of threat actors, from novice cybercriminals to more organized groups.
    It is usually distributed through phishing emails or malicious attachments and has appeared in multi-stage infection chains, including campaigns targeting healthcare organizations.
    While the malware itself is not tied to a specific group, various cybercriminals and emerging threat actors have widely adopted it for remote exploitation.
    Via The Hacker News
    You might also like

    AI-written malware is here, and going after victims already
    Take a look at our guide to the best authenticator app
    We’ve rounded up the best password managers

    Sead Fadilpašić

    Social Links Navigation

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

    Still use Skype at work? Bad news, hackers are targeting it with dangerous malware

    Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk

    That email from finance with your name in the subject line? It might just be a trap – here’s what researchers found about malware delivery

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Hackers are using fake NDAs to hit US manufacturers in major new phishing scam

    Latest in Security

    This long-exposed SonicWall flaw is being used to infect organizations with Akira ransomware – so patch now

    Jaguar Land Rover backtracks, says hackers may have taken some data

    This macOS malware was laying dormant for years, but may have been silently infecting thousands of devices

    UK Electoral Commission finally recovered from China hack after three years and £250,000 grant

    Cyberscam groups who stole $10 billion from Americans sanctioned by US

    Hackers abuse TOR network and misconfigured Docker APIs to steal crypto – so keep an eye on your wallet

    Latest in News

    Ubisoft CEO says the future of the Far Cry series will be more multiplayer-focused

    Hollow Knight: Silksong seemingly references Clair Obscur: Expedition 33 in one subtle easter egg

    $699 for a 128GB iPhone 16? I think you can score a better deal – here’s how

    Valve has introduced significant UI updates to Steam, and gamers are thanking ‘Lord Gaben’ yet again

    Confused by Dyson’s vacuum names? Me too – so I asked a Dyson engineer to explain

    Apple’s iPhone Air kills the SIM card: what this means for eSIM providers, telcos, and consumers

    LATEST ARTICLES

    This widely used Remote Monitoring tool is being used to deploy AsyncRAT to steal passwords

    Ubisoft CEO says the future of the Far Cry series will be more multiplayer-focused

    Valve has introduced significant UI updates to Steam, and gamers are thanking ‘Lord Gaben’ yet again

    ‘I’m so proud, but so bummed out’: How Celebrations with Lacey Chabert season 2 missed out one major detail

    Apple’s iPhone Air kills the SIM card: what this means for eSIM providers, telcos, and consumers

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like