A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks

A clever new wave of phishing attacks is hitting office workers where they feel safest- their daily meeting invites. Instead of using obvious malware, hackers are now using stolen digital certificates to trick computers into trusting malicious files. According to researchers from the Microsoft Defender Security Research Team, these attacks involve highly convincing fake updates for apps like Zoom, Microsoft Teams, and Adobe Reader.

The campaign, which began around February 2026, relies on a psychological trick. When a user clicks a link in a fake meeting invite or a blurred PDF, they aren’t told they have a virus; they are directly sent to a fake website that looks like an official download centre. As per Microsoft’s research, these sites claim the user’s software is out of date, prompting a “required” update.

The TrustConnect Software Trap

What makes this trick particularly dangerous is the ...