Oh and someone within the #VirusTotal community flagged their latest Windows version as #RedLineStealer.

#RomVault appears to be a quite "interesting" piece of software...

#infosec #Myrient #Archiving

(Don't) TrustConnect: It's a RAT in an RMM hat

A new malware-as-a-service (MaaS) called TrustConnect has been discovered masquerading as a legitimate remote monitoring and management (RMM) tool. The malware, classified as a remote access trojan (RAT), uses a fake business website as its command and control center and MaaS portal. Priced at $300 per month, it offers features like a web-based C2 dashboard, automated payload generation with digital signatures, and remote desktop capabilities. The malware has been distributed through various email campaigns, often alongside legitimate RMM tools. Proofpoint researchers identified links between TrustConnect's creator and previous users of Redline stealer. The emergence of this new MaaS demonstrates the ongoing evolution of the cybercrime market and the thriving ecosystem of RMM abuse.

Pulse ID: 6996efa6c7a901cbcb67660e
Pulse Link: https://otx.alienvault.com/pulse/6996efa6c7a901cbcb67660e
Pulse Author: AlienVault
Created: 2026-02-19 11:10:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberCrime #CyberSecurity #Email #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #Proofpoint #RAT #RedLine #RedlineStealer #RemoteAccessTrojan #Rust #Trojan #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

🚨 Collins Aerospace Breached Twice in One Week — Everest + Ransomware

Evidence confirms two distinct incidents:
– Everest data exfiltration (Sept 10–11): leveraged old credentials from a 2022 RedLine infection.
– Ransomware attack (Sept 19): separate event, caused system disruptions.

Legacy credentials remain one of the most exploited weaknesses in enterprise networks.

💬 How does your team track and rotate long-term credentials? Comment below & follow TechNadu for real-time cyber intelligence.

#CyberSecurity #CollinsAerospace #Everest #Ransomware #RedLineStealer #InfoSec #CredentialSecurity #ThreatIntel #AviationSecurity #CyberDefense #ZeroTrust #TechNadu

How this ClickFix campaign leads to Redline Stealer

An overwhelming share of the user credentials that are later abused in identity-based attacks arise from the compromise of unmanaged user devices. “Infosteal

Okta Security
ClickFix malware via TikTok: infostealer in influencer disguise

ClickFix malware via TikTok: using viral TikTok videos as a Trojan horse, cybercriminals are launching new waves of attacks.

TARNKAPPE.INFO

Yo #HijackLoader to #RedLineStealer incidents all over the place today. Make sure you're blocking 92.255.85[.]36 at the fw and bitly[.]cx unless you need to use that specific url shortening service for some strange reason.

#infosec #threatintel #iocs

Russian hackers trap fans of AI-generated avatars

A group of cybercriminals is banking on the trend of AI-generated avatars to trap internet users

[ White and Hack ]

Happy Monday everyone!

Kaspersky researchers discovered the #RedLineStealer being spread through a well-known HPDxLIB activator, after adversaries published links directing unknowing victims to a malicious version of the software. The malicious software involved a malicious DLL that was loaded by "1cv8.exe", which in turn loaded another malicious library that launched the stealer.

Looking at a report that was published earlier this year, McAfee researchers detailed some of the behaviors that are attributed to the RedLine Stealer. A "readme.txt" file was created in a C:\Program Files\ directory (most likely the directory of the malicious version of the legitimate software that was downloaded), a scheduled task was created that referenced the "readme.txt", and a .cmd file was created in the C:\Windows\Setup\Scripts\ directory that started a randomly named executable which, once again, referenced the readme.txt file.

If I were hunting for this, I would start with scheduled tasks being created in my environment that may not match the naming convention established by my business. Enjoy the read and go get hunting! Happy Hunting!

RedLine info-stealer campaign targets Russian businesses through pirated corporate software
https://securityaffairs.com/171771/cyber-crime/redline-info-stealer-campaign-targets-russian-businesses.html

(You can find the original report in the link provided by this Security Affairs article.)

Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting Cyborg Security, Now Part of Intel 471

RedLine info-stealer campaign targets Russian businesses

An ongoing RedLine information-stealing campaign is targeting Russian businesses using pirated corporate software.

Security Affairs
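As an added example (not code from the post above, from Intel 471, Kaspersky or McAfee), here is the hunt described there written as detection logic over constructed event records. It checks the three behaviours the post lists: scheduled tasks that fall outside the org naming convention or reference a readme.txt (Windows Security event 4698), processes launched from or by a script in C:\Windows\Setup\Scripts\ (Sysmon event 1), and 1cv8.exe loading a DLL (Sysmon event 7). The naming policy (sanctioned tasks under \Corp\), the "unsigned DLL" trigger for the 1cv8.exe check, and every path, task name and DLL name in the sample records are assumptions made for the example, not indicators from either report.

```python
"""Added hunt example: run the three behaviours described above (odd scheduled
tasks referencing readme.txt, a .cmd in C:\\Windows\\Setup\\Scripts\\ starting a
random exe, and 1cv8.exe side-loading a DLL) over constructed event records."""
import re

# Assumption: the org's sanctioned tasks all live under \Corp\ (hypothetical policy).
SANCTIONED_TASK = re.compile(r"^\\Corp\\[A-Za-z0-9 _-]+$")
SETUP_SCRIPTS_DIR = "\\windows\\setup\\scripts\\"
ONE_C_CLIENT = "1cv8.exe"   # the 1C:Enterprise client named in the Kaspersky chain


def _lower(ev, key):
    """Case-fold a field so path comparisons ignore Windows' case-insensitivity."""
    return str(ev.get(key, "")).lower()


def check_scheduled_task(ev):
    """Security event 4698 (scheduled task created). Returns the reasons a task
    is suspicious: name outside the naming policy, or an action that references
    a readme.txt, the artifact McAfee described. None when nothing fires."""
    if ev.get("EventID") != 4698:
        return None
    reasons = []
    if not SANCTIONED_TASK.match(ev.get("TaskName", "")):
        reasons.append("task name outside naming convention")
    if "readme.txt" in _lower(ev, "TaskContent"):
        reasons.append("task action references readme.txt")
    return reasons or None


def check_process_create(ev):
    """Sysmon event 1 (process create). Flag any process launched from, or by a
    script under, C:\\Windows\\Setup\\Scripts\\ (the .cmd drop location above)."""
    if ev.get("EventID") != 1:
        return None
    fields = (_lower(ev, "Image"), _lower(ev, "CommandLine"),
              _lower(ev, "ParentImage"), _lower(ev, "ParentCommandLine"))
    if any(SETUP_SCRIPTS_DIR in f for f in fields):
        return ["process tied to " + SETUP_SCRIPTS_DIR]
    return None


def check_image_load(ev):
    """Sysmon event 7 (image load). The Kaspersky chain starts with 1cv8.exe
    loading a malicious DLL; treating 'unsigned DLL loaded into 1cv8.exe' as the
    trigger is this example's assumption, not a claim from the report."""
    if ev.get("EventID") != 7:
        return None
    if _lower(ev, "Image").endswith("\\" + ONE_C_CLIENT) and _lower(ev, "Signed") != "true":
        return [f"{ONE_C_CLIENT} loaded unsigned DLL {ev.get('ImageLoaded')}"]
    return None


CHECKS = (check_scheduled_task, check_process_create, check_image_load)


def hunt(events):
    """Apply every check to every record; return (RecordId, rule, reasons) hits."""
    hits = []
    for ev in events:
        for check in CHECKS:
            reasons = check(ev)
            if reasons:
                hits.append((ev.get("RecordId"), check.__name__, reasons))
    return hits


# Constructed sample records (field names modelled on 4698 / Sysmon 1 / Sysmon 7;
# paths, task names and DLL names are invented for the example).
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4698, "TaskName": "\\Corp\\NightlyBackup",
     "TaskContent": "<Exec><Command>C:\\Corp\\backup.exe</Command></Exec>"},
    {"RecordId": 2, "EventID": 4698, "TaskName": "\\Updater7f2c",
     "TaskContent": "<Exec><Command>C:\\Program Files\\HPDxLIB\\readme.txt</Command></Exec>"},
    {"RecordId": 3, "EventID": 1, "Image": "C:\\Windows\\Temp\\x7q2m.exe",
     "CommandLine": "x7q2m.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "ParentCommandLine": "cmd.exe /c \"C:\\Windows\\Setup\\Scripts\\run.cmd\""},
    {"RecordId": 4, "EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "ParentCommandLine": "explorer.exe"},
    {"RecordId": 5, "EventID": 7, "Image": "C:\\Program Files\\1cv8\\8.3.20\\bin\\1cv8.exe",
     "ImageLoaded": "C:\\Program Files\\1cv8\\8.3.20\\bin\\patch.dll", "Signed": "false"},
    {"RecordId": 6, "EventID": 7, "Image": "C:\\Program Files\\1cv8\\8.3.20\\bin\\1cv8.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for record_id, rule, reasons in hunt(SAMPLE_EVENTS):
        print(record_id, rule, "; ".join(reasons))
```

Run as-is it prints three hits (records 2, 3 and 5) and stays quiet on the benign records. The naming-convention check is deliberately broad, as the post suggests: it will surface every task an admin created by hand, so in practice it is a hunting lead to triage, not an alert. To use it on real data, replace SAMPLE_EVENTS with parsed EVTX or Sysmon JSON that carries the same field names.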
Operation Magnus: RedLine and MetaStealer infostealers taken down

Operation Magnus: authorities dismantle infostealer networks. A successful strike against RedLine and MetaStealer stops digital data theft.

TARNKAPPE.INFO
'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI
#RedLineStealer #MetaStealer
https://www.reddit.com/r/isthisascam/comments/1gdck33/pls_help_i_do_have_a_big_package_otw/