As reported by Infosecurity Magazine, a six-month phishing operation dubbed SeasonalInvite has been targeting Windows and macOS users by abusing remote monitoring and management (RMM) software, delivered through fake electronic greeting cards (eCards).The campaign, active since at least January 2026, employs rotating lures tied to the calendar, such as tax themes in winter and Valentine's or Easter invitations later on, according to Forescout. Victims are directed through a traffic distribution system to a fake eCard service that automatically downloads an operating-system-specific installer. This operation abuses commercially signed RMM tools like ConnectWise ScreenConnect, LogMeIn Resolve, Kaseya, and O&O Syspectr. Because these installers are legitimate and validly signed, they bypass standard security checks. On Windows, the process involves UAC prompts requiring user approval for privileged installation. For macOS, a signed Kaseya package is paired with a separate configuration file to redirect enrollment to the attacker's server, exploiting an unattended deployment feature.The phishing pages show signs of AI generation, suggesting the use of large language models to create variants efficiently. Forescout recommends organizations maintain an approved inventory of RMM tools, enhance email filtering, and train staff to recognize that genuine e-cards should never prompt for remote support software installation or approval of privilege elevation.Source: Infosecurity Magazine
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




