Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program

Source: Cyber Security News

Cybercriminals are exploiting remote monitoring and management (RMM) tools by targeting users with deceptive download pages for popular software. Victims who download what they believe is legitimate software are actually installing modified versions of LogMeIn Resolve or PDQ Connect, which enable complete access to their systems. The campaign, identified by ASEC security researchers, involves three distinct threat actors using unique company IDs embedded in LogMeIn configuration files.

Once the malicious software is installed, the attackers can run PowerShell commands remotely, further compromising the system. A notable piece of malware employed in this attack is PatoRAT, which can perform a variety of dangerous operations such as keylogging, screen capture, and stealing browser passwords. The malware’s source code includes Portuguese strings, hinting at its origins. To prevent such infections, security experts advise downloading software only from trusted sources and ensuring antivirus software is current.
