We planned one report on Keitaro abuse, but we ran out of pages before we ran out of cases.
So here’s Part 2 of 3, a medley of threats that go well beyond AI‑investment scams.

Threat actors abuse Keitaro’s traffic distribution, cloaking, and rule engine to hide malicious landing pages behind geo and device-based filters. They stack bulletproof hosting and reverse proxies to add layers of indirection, making takedown and analysis harder. In this post, we share how we overcame this using multi‑protocol, multi‑vantage telemetry. We leveraged JA4+ web server fingerprints, DNS analytics, and Confiant’s visibility into advertising supply chain data to uncover Keitaro abuse and the delivery of malware downloaders, infostealers, weaponized RMMs, wallet drainer campaigns, scams, and email spam and advertising attack vectors.

If you hunt threats distributed via adtech, these indicators can be useful pivots. https://www.infoblox.com/blog/threat-intelligence/no-reach-no-risk-the-keitaro-abuse-in-modern-cybercrime-distribution/

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising #infostealer #rmm #remotemonitoringmanagement #downloader #malware #spam #airdrop #cryptocurrency #ja4 #ja4_fingerprinting

ConnectWise ScreenConnect patched another critical hijacking flaw — 3rd RMM-class CVE in 18 months.

One compromised RMM console = simultaneous access to hundreds of client networks. The patch matters less than auditing who holds admin access right now.

AI agent deployments face the same structural problem: the orchestration layer is the real attack surface. That's the gap VAULT covers.

#infosec #ScreenConnect #RMM #cybersecurity

the-service.live

Analysis eStatement472047204_pdf.exe (MD5: 01CD1FE8ACC99E7BD2D7D35C5978A577) Malicious activity - Interactive analysis ANY.RUN


Fake Zoom, Teams Meeting Invites use Compromised Certificates to Drop Malware.

A new wave of phishing attacks is hitting office workers where they feel safest: their daily meeting invites. Instead of using obvious malware, threat actors are now using stolen digital certificates to trick computers into trusting malicious files.

⁉️According to researchers from the Microsoft Defender Security Research Team, these attacks involve highly convincing fake updates for apps like Zoom, Microsoft Teams, and Adobe Reader.⁉️

https://www.microsoft.com/en-us/security/blog/2026/03/03/signed-malware-impersonating-workplace-apps-deploys-rmm-backdoors/

#zoom #microsoft #teams #adobe #reader #phishing #attacks #rmm #backdoors #it #security #privacy #engineer #media #infosec #tech #news

Signed malware impersonating workplace apps deploys RMM backdoors - RedPacket Security

In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace


Malicious #simplehelp #rmm #opendir at:

https://katz.adv\.br/dhl/

Every tech choice has a cost. You pay for infrastructure to avoid downtime, #RMM to scale, and security to keep clients. But if your email security creates more work than it saves—or fails to stop breaches—it’s no longer an investment. It’s a tax on your business!

"The Relationship Tax: What Staying With Your SEG Is Really Costing Your #MSP"
https://cybersec.ironscales.com/s/the-relationship-tax-what-staying-with-your-seg-is-really-costing-your-msp-25417

New by me: I’ve been seeing a spike in unwanted apps (PUPs/adware) sneaking onto client endpoints, so I built a practical workaround when allowlisting tools aren’t in the budget.

This post walks through:
✅ a PowerShell cleanup script (Audit vs Remediate)
✅ a JSON “bad app” list you can update over time
✅ how to automate it in your RMM (with a Kaseya VSA X example)
✅ why I avoid Win32_Product and how the fallback config works

MSPs: this is endpoint hygiene, not magic, but it’s consistent and scalable.

https://www.kylereddoch.me/blog/fighting-the-pup-wave-a-practical-powershell-cleanup-workflow-for-msps/

#MSP #PowerShell #RMM #Windows #Cybersecurity #EndpointSecurity #Kaseya

Fighting the PUP Wave: A Practical PowerShell Cleanup Workflow for MSPs

When unwanted apps keep sneaking onto client endpoints and allowlisting is not in the budget, a repeatable uninstall script plus RMM automation can still move the needle.

CybersecKyle

Who's watching who? Experts reveal criminals using fake enterprise software to gain access to company systems
#Fakeenterprisesoftware #Rmm

https://opr.news/30bfb55c260220en_us?link=1&client=ex_global


Someone put in a lot of effort to hide a RAT in plain sight.
Proofpoint uncovered a fake RMM tool, “TrustConnect”, built as cover for RAT malware.
Criminals created a website and paid for a certificate, tricking firms into $300/month subscriptions.
The tool gave attackers full remote control; linked to a Redline infostealer customer.


RMM abuse is exploding as hackers ditch traditional malware — living off legit remote tools to stay under the radar. When admin tools turn rogue, visibility is everything. 🛠️⚠️ #RMM #Malware

https://www.darkreading.com/application-security/rmm-abuse-explodes-hackers-ditch-malware