Fake Software Sites Use ScreenConnect to Spread AsyncRAT
Robert Moore ·
Listen to this article~4 min
Cybercriminals are using fake software sites to spread AsyncRAT via ScreenConnect. Learn how this massive campaign targets popular apps and how to protect yourself.
You know that feeling when you download what looks like a legitimate piece of software, only to realize something's off? That's exactly what's happening in a new wave of cyberattacks. Unknown threat actors are using the ScreenConnect remote access tool to sneak AsyncRAT onto unsuspecting victims' computers.
Think of it like this: someone sets up a convincing fake storefront to sell counterfeit goods, but instead of knockoff sneakers, they're delivering malware. Kaspersky researchers have flagged this as part of a "massive, multi-domain, multi-language" campaign. The bad guys are creating spoofed websites that look just like the real thing, then hosting malicious installer archives there.
### What Software Is Being Faked?
The attackers are piggybacking on trust in popular apps. Here's what they're pretending to offer:
- **OBS Studio**: A go-to for streamers and video creators.
- **DNS Jumper**: A tool for tweaking network settings.
- **DS4Windows**: A utility for PlayStation controllers on PCs.
- **Bandicam**: A screen recorder and game capture software.
When you download one of these fake installers, it doesn't just give you the app you wanted. Instead, it deploys AsyncRAT, a remote access trojan that can spy on your every move, steal credentials, and even record your keystrokes.
### How ScreenConnect Fits In
ScreenConnect is a legitimate remote access tool used by IT pros for support. But in this campaign, it's being abused as a delivery mechanism. Once AsyncRAT is on your system, the attackers can use ScreenConnect to take full control, as if they're sitting at your desk. It's a clever—and dangerous—twist on a trusted technology.
### Why This Campaign Is Different
This isn't a small, targeted attack. Kaspersky describes it as multi-domain and multi-language, meaning the fake sites are set up in various languages to catch a global audience. The sheer scale makes it harder to shut down, since each domain can be taken down only to pop up elsewhere. For professionals in the antidetect browser space, this highlights how even reputable tools can be weaponized.
### Protecting Yourself
Here are some practical steps to stay safe:
- **Double-check URLs**: Always verify the official website of any software you download. Look for HTTPS and slight misspellings in the domain.
- **Avoid third-party sites**: Stick to official sources or trusted app stores. Those random download pages are a minefield.
- **Use antidetect browsers**: Tools like antidetect browsers can mask your digital fingerprint, making it harder for attackers to track you. But they won't stop you from downloading infected files, so combine them with good habits.
- **Scan everything**: Run a quick antivirus scan on any installer before opening it. Free tools like Malwarebytes can catch AsyncRAT and similar threats.
### The Bigger Picture
This campaign is a reminder that cyber threats evolve faster than most of us realize. The attackers aren't just hacking—they're using social engineering and SEO poisoning to trick you into inviting them in. For anyone working in digital privacy or antidetect browsers, staying informed is half the battle. The other half is staying skeptical.
### Final Thoughts
If you're in the United States and rely on tools like ScreenConnect for remote work, keep an eye on updates from security researchers. And remember: if a download link looks too good to be true—like a free copy of Bandicam from a sketchy site—it probably is. Stay sharp, and don't let convenience compromise your security.
A deeper breakdown of GoLogin Review 2026 — Fast, affordable anti-detect browser with cloud profiles - real examples, numbers, and what actually works.
A deeper breakdown of Undetectable.io Review 2026 — Unlimited local profiles with solid fingerprint masking - real examples, numbers, and what actually works.