Crims create fake remote management vendor that actually sells a RAT

Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.

These folks created an entirely fake RMM vendor that purports to sell enterprise software for $300 a month. In fact, it's a remote access trojan (RAT) being sold as a service. Call it a RATaaS.

The criminals behind the malware took great care to make their product appear legitimate, giving it the name TrustConnect. They even built a fake business website and obtained a legitimate Extended Validation code-signing certificate to digitally sign malware and allow it to bypass security controls.

At first, the crooks even fooled Proofpoint’s threat hunters themselves. "Initially, TrustConnect appeared to be another legitimate RMM tool being abused," the company’s research team said in a Thursday post.

Criminals prefer using legitimate, commercial ...