AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

Cybersecurity researchers have uncovered a campaign using the legitimate ConnectWise ScreenConnect software to deploy a fileless loader that installs AsyncRAT, enabling data theft and system monitoring. The attack employs layered VBScript and PowerShell scripts to maintain persistence and exfiltrate sensitive information, demonstrating the stealth of modern fileless malware. #AsyncRAT #ConnectWise #PowerShellThreats

Keypoints

  • The attack leverages legitimate Remote Monitoring and Management software, ScreenConnect, for malicious purposes.
  • Threat actors use layered scripting techniques, including VBScript and PowerShell, to deliver and maintain payloads.
  • The AsyncRAT malware can log keystrokes, steal credentials, fingerprint systems, and target cryptocurrency wallets.
  • Persistence is achieved through fake “Skype Updater” scheduled tasks that run after user logins.
  • The malware exfiltrates data to command-and-control servers, and its fileless nature makes detection and analysis more difficult.
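
For defenders, the persistence pattern in the keypoints (a logon-triggered scheduled task with a Skype-themed name that launches a script host) can be checked in exported Task Scheduler XML. The following is an added example, not code from the article or the researchers; the two sample tasks, their paths and the script-host list are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Namespace used by Task Scheduler XML exports (e.g. from `schtasks /query /xml`).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed list of interpreters worth flagging when started at logon.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}

def review_task(xml_text):
    """Return the reasons a task deserves a closer look (empty list = none)."""
    root = ET.fromstring(xml_text)
    name = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    at_logon = root.find("t:Triggers/t:LogonTrigger", NS) is not None
    reasons = []
    for action in root.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", default="", namespaces=NS).strip('"')
        binary = PureWindowsPath(command).name.lower()
        # A script interpreter launched at every logon is a common persistence shape.
        if at_logon and binary in SCRIPT_HOSTS:
            reasons.append(f"logon trigger runs script host {binary}")
        # A task that claims to be a Skype updater should run a Skype binary.
        if "skype" in name.lower() and "skype" not in command.lower():
            reasons.append(f"task named {name!r} does not run a Skype binary")
    return reasons

# Constructed sample tasks; names, commands and paths are placeholders.
TEMPLATE = (
    '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    "<RegistrationInfo><URI>{uri}</URI></RegistrationInfo>"
    "<Triggers><LogonTrigger/></Triggers>"
    "<Actions><Exec><Command>{cmd}</Command><Arguments>{args}</Arguments></Exec></Actions>"
    "</Task>"
)
SUSPICIOUS = TEMPLATE.format(
    uri=r"\Skype Updater", cmd="wscript.exe",
    args=r'"C:\Users\Public\placeholder.vbs"',
)
BENIGN = TEMPLATE.format(
    uri=r"\ExampleVendor\Sync",
    cmd=r"C:\Program Files\ExampleVendor\sync.exe", args="",
)

if __name__ == "__main__":
    for label, task in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, review_task(task))
```

A hit is a lead for triage rather than a verdict, since legitimate software also registers logon tasks that start script hosts.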

Read More: https://thehackernews.com/2025/09/asyncrat-exploits-connectwise.html