Hackers abuse UltraVNC, Splashtop, and ScreenConnect to hijack business PCs
Date:
Thu, 28 May 2026 14:05:00 +0000
Description:
Numerous legitimate tools being used in RMM attacks against Brazilian targets.
FULL STORY ======================================================================
- Huntress uncovered a phishing campaign delivering legitimate RMM tools (Tiflux, UltraVNC, Splashtop, ScreenConnect) to gain persistence and exfiltrate business data
- Attackers lure victims with fake Network Solutions service agreement emails, then abuse a vulnerable driver (HwRwDrv.x64) for privilege escalation
- Evidence points to Brazilian infrastructure and targets, with defenses hinging on strict RMM auditing, asset inventories, and log reviews against LOLRMM databases

Cybercriminals are abusing a whole swathe of legitimate programs, including Tiflux, UltraVNC, Splashtop, and ScreenConnect, to take control of business computers, establish persistence, and continuously exfiltrate sensitive data. This is according to security researchers Huntress, who detailed the new campaign in an in-depth research paper.
The attack starts with a carefully crafted phishing email, usually themed around an updated Service Agreement from Network Solutions. The email claims that Network Solutions has modified its pricing statements and services and instructs the target to visit a page where they can review and accept the new terms. Victims who click the provided link are first asked to complete a CAPTCHA, likely to filter out bots and automated analysis. After that, they are asked to download a "secured document", which is just an installer for Tiflux, a legitimate commercial (albeit fringe) Remote Monitoring and Management (RMM) tool.

Attacks since late February

Together with Tiflux, victims are also served other tools, including 7zip, an outdated version of the UltraVNC remote access tool, and a vulnerable driver called HwRwDrv.x64. The latter seems to be the key here, since it allows for potential privilege escalation.
The attackers then use Tiflux to install either Splashtop or ScreenConnect (or, in some cases, both), before proceeding with the main goal -
transmitting live screenshots, running system utilities, establishing persistence, and exfiltrating data.
Huntress saw the attacks in the wild in late February this year. The report doesn't mention any specific threat actor groups or names, but it does state that Tiflux is a Brazilian tool, and that the threat actor's infrastructure leverages a server domain ending in a Brazilian country-code top-level domain.
In other words, it all points to this being a Brazilian attacker, going after Brazilian targets.
Businesses can defend against RMM abuse by establishing a comprehensive asset inventory of all installed applications, implementing strict application controls, regularly auditing authorized RMMs and cross-referencing them against databases like LOLRMM to find tools frequently abused by threat actors, and reviewing logs for RMM activity.
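As an added example (not code from Huntress's report or from TechRadar), the log-review step above written as a triage pass over constructed endpoint records: it flags RMM tools absent from a per-host inventory, one RMM agent launched by another (the Tiflux-installs-Splashtop/ScreenConnect step), and the HwRwDrv.x64 driver. The name fragments, host names and file paths are assumptions, not indicators from the report.

```python
"""Triage constructed endpoint records for the RMM-abuse chain in the report."""
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Assumed name fragments for the tools the report names; real binary names vary
# by version and packaging, so tune these against your own software inventory.
RMM_PATTERNS = {
    "Tiflux": re.compile(r"tiflux", re.I),
    "UltraVNC": re.compile(r"ultravnc|winvnc", re.I),
    "Splashtop": re.compile(r"splashtop", re.I),
    "ScreenConnect": re.compile(r"screenconnect", re.I),
}
DRIVER_PATTERN = re.compile(r"hwrwdrv\.x64", re.I)  # vulnerable driver from the report
Record = Dict[str, str]         # keys: host, path (process image or dropped file), parent
Finding = Tuple[str, str, str]  # (host, reason, path)
def classify(path: str) -> Optional[str]:
    """Return the RMM product a path appears to belong to, or None."""
    for name, pattern in RMM_PATTERNS.items():
        if pattern.search(path):
            return name
    return None

def triage(records: Iterable[Record], authorized: Dict[str, Set[str]]) -> List[Finding]:
    """Flag RMM tools outside the per-host inventory, one RMM agent launching
    another (the Tiflux -> Splashtop/ScreenConnect step), and the driver drop."""
    findings: List[Finding] = []
    for r in records:
        tool, parent_tool = classify(r["path"]), classify(r["parent"])
        if tool and tool not in authorized.get(r["host"], set()):
            findings.append((r["host"], f"unapproved RMM: {tool}", r["path"]))
        if tool and parent_tool and parent_tool != tool:
            findings.append((r["host"], f"RMM launched by RMM: {parent_tool} -> {tool}", r["path"]))
        if DRIVER_PATTERN.search(r["path"]):
            findings.append((r["host"], "vulnerable driver HwRwDrv.x64 observed", r["path"]))
    return findings

# Constructed sample records (hosts, users and paths are made up, not real telemetry).
TIFLUX = r"C:\Users\ana\Downloads\Tiflux\tiflux_agent.exe"
SAMPLE: List[Record] = [
    {"host": "WS01", "path": TIFLUX, "parent": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"host": "WS01", "path": r"C:\ProgramData\Splashtop\streamer_setup.exe", "parent": TIFLUX},
    {"host": "WS01", "path": r"C:\Windows\Temp\HwRwDrv.x64.sys", "parent": TIFLUX},
    {"host": "HELPDESK", "path": r"C:\Program Files\ScreenConnect Client\ClientService.exe",
     "parent": r"C:\Windows\System32\services.exe"},
]
AUTHORIZED: Dict[str, Set[str]] = {"HELPDESK": {"ScreenConnect"}}  # approved per host
if __name__ == "__main__":
    for host, reason, path in triage(SAMPLE, AUTHORIZED):
        print(f"{host}: {reason} [{path}]")
```

The approved ScreenConnect install on HELPDESK produces no finding, which is the point of keeping the inventory per host rather than blocking the product name outright.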
======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-abuse-ultravnc-splashtop-and-screenconnect-to-hijack-business-pcs
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)