Malware, Security Operations, Threat Intelligence

Silent gateway threat: ‘HEURRemoteAdmin.GoToResolve.gen’ poses security risk

Coverage from HackRead indicates a new security alert has been issued concerning a program identified as HEURRemoteAdmin.GoToResolve.gen, which acts as a silent gateway for unauthorized access. Experts classify this tool as a potentially unwanted application (PUA) due to its stealthy installation and operation, evading user detection.

The Lat61 Threat Intelligence Team at Point Wild discovered that this software can be installed silently and maintain a persistent presence within a hidden folder. While originally a component of the legitimate GoTo Resolve service, it can be hijacked. A bundled file within the installer contains instructions for managing the app, enabling it to run in the background without user interaction, creating a potential attack surface. Worryingly, the software utilizes the Restart Manager (RstrtMgr.dll), a Windows component previously used by ransomware groups like Conti and Cactus, and the BiBi wiper, to terminate security processes. This could allow attackers to disable antivirus software, leaving systems vulnerable for further exploitation.

The use of legitimate remote administration tools like GoTo Resolve by threat actors is a growing trend. The silent execution and ability to load the Windows Restart Manager signal a dangerous pre-positioning of systems for subsequent, more destructive attacks. The presence of a valid digital signature from GoTo Technologies does not negate the risk, emphasizing that any unauthorized instance of this software should be treated as a high-level threat and removed to protect data.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds