Fake Software Sites Use ScreenConnect to Spread AsyncRAT


Cybercriminals are using fake software sites to spread AsyncRAT via ScreenConnect. Learn how this massive campaign targets popular apps and how to protect yourself.

You know that feeling when you download what looks like a legitimate piece of software, only to realize something's off? That's exactly what's happening in a new wave of cyberattacks. Unknown threat actors are using the ScreenConnect remote access tool to sneak AsyncRAT onto unsuspecting victims' computers.

Think of it like this: someone sets up a convincing fake storefront to sell counterfeit goods, but instead of knockoff sneakers, they're delivering malware. Kaspersky researchers have flagged this as part of a "massive, multi-domain, multi-language" campaign. The bad guys are creating spoofed websites that look just like the real thing, then hosting malicious installer archives there.

### What Software Is Being Faked?

The attackers are piggybacking on trust in popular apps. Here's what they're pretending to offer:

- **OBS Studio**: A go-to for streamers and video creators.
- **DNS Jumper**: A tool for tweaking network settings.
- **DS4Windows**: A utility for PlayStation controllers on PCs.
- **Bandicam**: A screen recorder and game capture software.

When you download one of these fake installers, it doesn't just give you the app you wanted. Instead, it deploys AsyncRAT, a remote access trojan that can spy on your every move, steal credentials, and even record your keystrokes.

### How ScreenConnect Fits In

ScreenConnect is a legitimate remote access tool used by IT pros for support. But in this campaign, it's being abused as a delivery mechanism. Once AsyncRAT is on your system, the attackers can use ScreenConnect to take full control, as if they're sitting at your desk. It's a clever—and dangerous—twist on a trusted technology.

### Why This Campaign Is Different

This isn't a small, targeted attack. Kaspersky describes it as multi-domain and multi-language, meaning the fake sites are set up in various languages to catch a global audience. The sheer scale makes it harder to shut down, since each domain can be taken down only to pop up elsewhere. For professionals in the antidetect browser space, this highlights how even reputable tools can be weaponized.

### Protecting Yourself

Here are some practical steps to stay safe:

- **Double-check URLs**: Always verify the official website of any software you download. Look for HTTPS and slight misspellings in the domain.
- **Avoid third-party sites**: Stick to official sources or trusted app stores. Those random download pages are a minefield.
- **Use antidetect browsers**: Tools like antidetect browsers can mask your digital fingerprint, making it harder for attackers to track you. But they won't stop you from downloading infected files, so combine them with good habits.
- **Scan everything**: Run a quick antivirus scan on any installer before opening it. Free tools like Malwarebytes can catch AsyncRAT and similar threats.

### The Bigger Picture

This campaign is a reminder that cyber threats evolve faster than most of us realize. The attackers aren't just hacking—they're using social engineering and SEO poisoning to trick you into inviting them in. For anyone working in digital privacy or antidetect browsers, staying informed is half the battle. The other half is staying skeptical.

### Final Thoughts

If you're in the United States and rely on tools like ScreenConnect for remote work, keep an eye on updates from security researchers. And remember: if a download link looks too good to be true—like a free copy of Bandicam from a sketchy site—it probably is. Stay sharp, and don't let convenience compromise your security.
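
The "Double-check URLs" step under Protecting Yourself can be partly automated. The sketch below is an added example, not code from the article or from Kaspersky; the allowlist of official domains and the sample URLs are assumptions constructed for illustration, so verify the vendor domains yourself before relying on them.

```python
from urllib.parse import urlsplit

# Assumption: official vendor domains for two of the apps named above.
# They are not given in the article; confirm them before use.
OFFICIAL_DOMAINS = ("obsproject.com", "bandicam.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_download_url(url: str, official=OFFICIAL_DOMAINS) -> str:
    """Classify a download URL against an allowlist of vendor domains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # Exact match or a true subdomain of an official domain.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official" if parts.scheme == "https" else "official-but-not-https"

    # Approximate the registered domain as the last two labels
    # (no public-suffix list here, so names like example.co.uk are imprecise).
    base = ".".join(host.split(".")[-2:])
    for d in official:
        brand = d.split(".")[0]
        # Brand name embedded in another host, or a near-miss spelling.
        if brand in host or edit_distance(base, d) <= 2:
            return f"lookalike of {d}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the campaign.
    for u in ("https://obsproject.com/download",
              "https://obsprojct.com/obs.zip",
              "https://bandicam.com.free-tools.example/dl",
              "http://cdn.bandicam.com/setup.exe"):
        print(f"{check_download_url(u):32} {u}")
```

An "official" verdict only says the host matches the allowlist; the downloaded installer should still be scanned as described above.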