Signed malware impersonating workplace apps deploys RMM backdoors - RedPacket Security

In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace


Proofpoint recently identified a fake RMM (Remote Monitoring and Management Tool) called #TrustConnect and #DocConnect 🔎💻 Pivoting the threat in our collection reveals that the threat actors spread the same malware under additional names, including:

➡️SoftConnect
➡️HardConnect
➡️AxisControl

It also seems that the threat actor was previously playing around with the legitimate RMM #ScreenConnect (aka ConnectWise) before switching to their own fake RMM 🛠️

What also stands out: the majority of the botnet C2s were hosted at Contabo GmbH 🇩🇪

We track the threat on our platforms as #FakeRMM ⤵️

IOCs on ThreatFox:
🦊 https://threatfox.abuse.ch/browse/tag/FakeRMM/

Malware samples:
📄 https://bazaar.abuse.ch/browse/tag/FakeRMM/

(Don't) TrustConnect: It's a RAT in an RMM hat | Proofpoint US

Key findings: Proofpoint observed a new malware-as-a-service (MaaS) masquerading as a legitimate remote monitoring and management (RMM) tool. It calls itself TrustConnect.
