A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, ScreenConnect.
The malware is being sold with a suite of advanced features designed to bypass modern security defenses, signaling a growing trend in sophisticated, ready-to-use cybercrime tools.
The seller claims the tool achieves zero detections during both static and runtime analysis, making it a potent threat for initial access and payload delivery operations.
This development underscores the ongoing efforts by malicious actors to exploit trust and evade detection by mimicking legitimate software and processes.
Bypassing Security With Advanced Evasion
The primary selling point of this new RAT is its ability to bypass security warnings from both Google Chrome and Windows SmartScreen.

The threat actor claims this is achieved by bundling the malware with a valid Extended Validation (EV) certificate.
EV certificates are a high-assurance digital identity standard that typically causes browsers to display a green bar or the company’s name, instilling a false sense of security in the victim.
The package also includes antibot mechanisms and cloaked landing pages. These features allow the malware to present benign content to security scanners and sandboxes while delivering the malicious payload to genuine targets, a common tactic for evading automated analysis.
The provided advertisement showcases a convincing but fraudulent Adobe Acrobat Reader download page, demonstrating a typical social engineering scheme for delivery.
According to the seller’s post, the RAT is equipped with a remote viewer, granting the attacker direct visual control over a compromised machine’s desktop.
This capability allows for real-time monitoring, data exfiltration, and interactive system manipulation. Furthermore, the tool utilizes a PowerShell-based command to load its executable. This fileless technique helps it remain hidden from traditional antivirus solutions that primarily focus on scanning files on disk.
The actor explicitly states the tool can be used as a “FUD loader,” indicating its primary function may be to establish a persistent and stealthy foothold on a target system before deploying secondary payloads, such as ransomware, spyware, or banking trojans.
The seller offers a demo and promises delivery within 24 working hours, suggesting a professional and operationalized service.
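A defender-side triage sketch for the two traits described above: a validly signed lure whose publisher is not the vendor it imitates, and a PowerShell-based in-memory load. This is an added example, not taken from the advertisement or from any vendor tool. The event field names, the publisher allowlist and the sample events are constructed assumptions.

```python
import re

# Assumption: product name shown to the user -> publishers expected to sign it.
# Illustrative entries; populate from your own software inventory.
EXPECTED_PUBLISHERS = {
    "adobe acrobat reader": {"Adobe Inc."},
    "screenconnect": {"ConnectWise, LLC"},
}

# Command-line traits common when PowerShell runs code without a script file on disk.
INMEM_PATTERNS = {
    "encoded_command": re.compile(r"\s-(e|ec|en\w*)\s", re.I),
    "invoke_expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "reflective_load": re.compile(r"reflection\.assembly\]::load", re.I),
    "hidden_window": re.compile(r"\s-w\w*\s+hidden\b", re.I),
}

def triage(event):
    """Return the reasons a process-execution event deserves analyst review."""
    reasons = []
    expected = EXPECTED_PUBLISHERS.get(event["product"].lower())
    if expected is not None and event["signer"] not in expected:
        # A valid signature, EV included, identifies the signer; it does not
        # show that the signer is the vendor the file claims to come from.
        state = "validly signed" if event["sig_valid"] else "unsigned or invalid"
        reasons.append(f"publisher_mismatch ({state}: {event['signer']})")
    cmd = f" {event.get('child_cmdline', '')} "
    if re.search(r"\b(powershell|pwsh)(\.exe)?\b", cmd, re.I):
        reasons += [name for name, rx in INMEM_PATTERNS.items() if rx.search(cmd)]
    return reasons

# Constructed sample events (hypothetical field names, not from a real log source).
EVENTS = [
    {"product": "Adobe Acrobat Reader", "signer": "Example Trading Ltd", "sig_valid": True,
     "child_cmdline": "powershell.exe -w hidden -enc <base64 omitted>"},
    {"product": "Adobe Acrobat Reader", "signer": "Adobe Inc.", "sig_valid": True,
     "child_cmdline": ""},
    {"product": "Invoice Viewer", "signer": "Example Trading Ltd", "sig_valid": True,
     "child_cmdline": "powershell -nop -c [Reflection.Assembly]::Load($bytes)"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["product"], "|", ev["signer"], "->", triage(ev) or "no findings")
```

The publisher check is the part that survives a "zero detections" claim: it keys on who signed the file rather than on whether any scanner recognises it.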