AsyncRAT Evades Detection With Stealthy Fileless Attack
A surge in fileless malware campaigns has brought renewed attention to AsyncRAT, a remote access trojan that exploits trusted system tools to launch in-memory attacks. By avoiding traditional disk writes, AsyncRAT evades detection and enables threat actors to maintain control over compromised enterprise systems with minimal forensic trace.
Attackers gain initial access by abusing unauthorized ScreenConnect deployments, allowing them to interact directly with victim machines. They then deploy a multi-stage VBScript loader, which downloads encoded payloads from attacker-controlled domains. These payloads execute entirely in memory, bypassing endpoint defenses. Through this method, AsyncRAT evades detection while leveraging dynamic API resolution and reflection-based loading.
The second-stage executable, AsyncClient.exe, decrypts embedded configuration data and opens a TCP connection to its control server. It supports command execution, data exfiltration and system reconnaissance. Combined with persistence mechanisms and anti-analysis features, the malware remains hidden and effective.
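As a detection-side illustration of the access chain described above (a ScreenConnect session followed by a VBScript loader), the following added example, which is not from the original report, flags script hosts whose process ancestry includes a ScreenConnect client. The process image names, event fields, file names and sample events are constructed assumptions.

```python
from ntpath import basename  # parses Windows paths on any OS

# Assumed image names: ScreenConnect client binaries and the Windows script hosts.
REMOTE_TOOL = {"screenconnect.clientservice.exe", "screenconnect.windowsclient.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed process-creation events (Sysmon Event ID 1 style fields; PIDs unique).
# All paths and script names below are made up for the example.
SC = r"C:\Program Files (x86)\ScreenConnect Client (placeholder)"
EVENTS = [
    {"pid": 1200, "ppid": 700, "image": SC + r"\ScreenConnect.ClientService.exe",
     "cmd": "ScreenConnect.ClientService.exe"},
    {"pid": 2300, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c run.cmd"},
    {"pid": 2310, "ppid": 2300, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r"wscript.exe C:\Users\Public\stage1.vbs"},
    {"pid": 3000, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 3100, "ppid": 3000, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r"wscript.exe C:\Scripts\logon.vbs"},
]

def name(event):
    return basename(event["image"]).lower()

def ancestry(event, by_pid):
    """Process names from the oldest known ancestor down to this event."""
    chain, seen = [], set()
    while event is not None and event["pid"] not in seen:  # stop on gaps or loops
        seen.add(event["pid"])
        chain.append(name(event))
        event = by_pid.get(event["ppid"])
    return chain[::-1]

def script_hosts_under_remote_tool(events):
    """Alert on script hosts descended from the remote-access client, even indirectly."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e, by_pid)
        start = next((i for i, p in enumerate(chain) if p in REMOTE_TOOL), None)
        if start is not None:
            alerts.append({"pid": e["pid"], "cmd": e["cmd"], "chain": chain[start:]})
    return alerts

if __name__ == "__main__":
    for alert in script_hosts_under_remote_tool(EVENTS):
        print(alert)
```

Walking the full ancestry rather than only the direct parent catches a loader started through an intermediate shell, while the user-launched script host under explorer.exe is left alone.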
Read the full report: AsyncRAT Uses Fileless Loader to Bypass Detections and Gain Remote Access
