Hackers Hide RMM Installs as Fake Chrome Updates and Teams Invites

New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera, giving attackers admin-level access for malware and ransomware campaigns.

Phishing emails used to be easy to spot, often filled with typos and strange formatting. That is no longer the case. New research from Red Canary and Zscaler shows how convincing attackers have become, luring people with fake Chrome updates, malicious but real-looking Teams or Zoom invites, party e-cards, and even government forms that look real enough to trick employees.

According to researchers, these campaigns are different from others because of the use of remote monitoring and management (RMM) tools. Instead of delivering a typical piece of malware, the attackers are now using these lures to install RMM tools such as ITarian, PDQ, SimpleHelp, and Atera.

For your information, these programs are used by IT administrators to maintain systems, but malicious threat actors ...