Malicious actors have leveraged the ConnectWise ScreenConnect remote monitoring and management tool to distribute the AsyncRAT trojan as part of a new attack campaign, according to Security Affairs.After achieving remote access through a hacked ScreenConnect client, attackers launched a VBScript that ran commands to retrieve and execute a pair of payloads, with 'logs.ldk' being converted into a byte array and 'logs.ldr' being passed to the Main() method, leading to the execution of AsyncClient.exe or AsyncRAT's primary command-and-control engine, a LevelBlue report revealed.AsyncClient not only enables AES-256-based configuration decryption, command parsing, and C2 communications, but also allows keylogging, sensitive data exfiltration, and persistence."Fileless malware continues to evade modern defenses due to its stealthy nature and reliance on legitimate system tools for execution. This approach bypasses traditional disk-based detection by operating in memory, making these threats harder to detect, analyze, and eradicate," said LevelBlue researchers.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




