Threat Intelligence, Phishing

Trojanized ConnectWise tool deployed via TRUMP coin lure

Individuals looking to purchase President Donald Trump's cryptocurrency on Binance have been targeted with a new attack campaign spoofing the world's leading cryptocurrency platform to spread a trojanized version of the ConnectWise remote access tool aimed at data exfiltration, according to The Record, a news site by cybersecurity firm Recorded Future.

Attacks commenced with the distribution of phishing emails purporting to be from Binance that included a download link for TRUMP coins, which, when clicked, led to the installation of ConnectWise RAT, a report from Cofense showed.

ConnectWise RAT enabled threat actors to not only remotely take over targeted devices but also exfiltrate saved credentials, said Cofense researchers. Such findings come amid the increased exploitation of ConnectWise in various cyberattack campaigns.

"Part of the reason it has likely become so popular recently is that it has a lot of features and is free to use and easy to set up. Moreover, because it is technically legitimate there are a large number of files that it uses which cannot simply be blocked because they are also used by legitimate installations of ConnectWise RAT," said Cofense Intelligence Manager Max Gannon.
