Hackers Twist ScreenConnect Into Signed Malware
Attackers are manipulating the digital signature of the ScreenConnect installer, turning the legitimate remote access tool into a vehicle for malware. According to recent findings, threat actors are exploiting the ConnectWise ScreenConnect client by altering concealed settings within its Authenticode signature. This technique lets them create signed remote access malware that retains the appearance of legitimacy, making detection more difficult.
By embedding malicious code into the installer’s signature, attackers can bypass traditional security checks and deploy their payloads undetected. The method exploits the trust placed in signed software, which complicates defenders’ efforts to identify tampered files. This abuse of digital signing mechanisms highlights the growing sophistication of malware campaigns targeting remote access tools.
Security professionals are urged to scrutinize software signatures more closely and monitor for unusual behaviors in installed applications.
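One way to scrutinize a signed installer, as an added example that is not from the original article or the linked report: the Authenticode hash does not cover the PE certificate table, so bytes placed after the signature blob inside a WIN_CERTIFICATE entry leave the signature valid. The Python below measures that slack per entry; `build_sample` and `SAMPLE_DER` are constructed test data, and the 7-byte threshold (alignment padding) is an assumption.

```python
import struct

SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY
SAMPLE_DER = b"\x30\x03\x02\x01\x01"  # constructed stand-in for a PKCS#7 blob

def der_total_length(blob):
    """Header + content length of the outer DER SEQUENCE, or None if malformed."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    if blob[1] < 0x80:
        return 2 + blob[1]
    n = blob[1] & 0x7F
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def cert_table_slack(pe):
    """Report, per WIN_CERTIFICATE entry, the bytes that follow the signature blob."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    magic = struct.unpack_from("<H", pe, nt + 24)[0]    # optional header magic
    dirs = nt + 24 + (112 if magic == 0x20B else 96)    # PE32+ vs PE32 directory array
    off, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    findings, pos, end = [], off, off + size            # off is a file offset, not an RVA
    while off and pos + 8 <= end <= len(pe):
        length = struct.unpack_from("<I", pe, pos)[0]   # dwLength includes 8-byte header
        if length < 8 or pos + length > end:
            break
        body = pe[pos + 8:pos + length]
        der_len = der_total_length(body)
        slack = body[der_len:] if der_len is not None and der_len <= len(body) else body
        findings.append({"offset": pos, "slack_len": len(slack),
                         "suspicious": len(slack) > 7 or any(slack)})
        pos += (length + 7) & ~7                        # entries are 8-byte aligned
    return findings

def build_sample(sig_body):
    """Constructed minimal PE32+ headers plus one WIN_CERTIFICATE (not a real installer)."""
    hdr = bytearray(0x40 + 24 + 240)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 24, 0x20B)
    cert = struct.pack("<IHH", 8 + len(sig_body), 0x0200, 0x0002) + sig_body
    struct.pack_into("<II", hdr, 0x40 + 24 + 112 + 8 * SECURITY_DIR, len(hdr), len(cert))
    return bytes(hdr) + cert
```

It only sees bytes appended after the signature blob; data carried inside the PKCS#7 structure, such as in unsigned attributes, needs a full SignedData parse.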
Read the full report here:
https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/
