The attackers have also created signed executables that impersonate installers for widely used software such as Zoom, Microsoft Teams, Adobe Reader, and Google Meet, with matching icons and metadata. Victims are encouraged to download them by clicking on a link in an email; the executables then automatically register infected systems in the operator’s control panel on the TrustConnect website, essentially making TrustConnect a remote access trojan (RAT).
In one particular campaign leveraging a single compromised sender, lures included URLs leading to ScreenConnect installation from Jan. 31 to Feb. 1, and then on Feb. 3 to TrustConnect and LogMeIn Resolve installations.
Attackers use a dual-purpose website
The TrustConnect website has realistic marketing language, feature descriptions, and documentation, and it serves both as a public-facing front to promote the software and as a backend portal for customers who purchase access to the tool’s malicious services.
