VMTech

Phishing Campaign VENOMOUS#HELPER: SimpleHelp and ScreenConnect in 80+ Organizations

Colleagues, a security alert: the VENOMOUS#HELPER campaign leverages legitimate RMM tools SimpleHelp and ScreenConnect and has impacted over 80 organizations, primarily in the US.

- Initial vector: email impersonating the SSA, leading to a JWrapper‑packed .exe downloaded from a compromised website.
- SimpleHelp is installed as a service with the SeDebug privilege and configured to autostart; if it is blocked, the attackers deploy ScreenConnect as a fallback.
- The operation uses signed software and a 'dual‑channel' architecture to maintain persistent, covert access.

Why it matters: legitimate RMMs hinder detection and enable operator re‑entry.

Recommendations: verify RMM deployments, privilege controls and inbound mail handling.
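One way to carry out the "verify RMM deployments" check, as an added example that is not part of the original post: it audits an exported Windows service inventory for SimpleHelp or ScreenConnect services that IT has not approved, and for hosts carrying both products (the dual-channel pattern described above). The keyword matching, host names, service names, paths and the approved list are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: the installed service name, display name or binary path
# contains the product name. Adjust to what your own inventory shows.
RMM_KEYWORDS = {"simplehelp": "SimpleHelp", "screenconnect": "ScreenConnect"}

# Constructed sample, shaped like the JSON produced by:
#   Get-CimInstance Win32_Service |
#     Select-Object SystemName,Name,DisplayName,PathName,StartMode | ConvertTo-Json
SAMPLE_INVENTORY = json.dumps([
    {"SystemName": "WS-014", "Name": "SimpleHelpSvc", "DisplayName": "Remote Access Service",
     "PathName": r"C:\ProgramData\Example\simplehelp\service.exe", "StartMode": "Auto"},
    {"SystemName": "WS-014", "Name": "ScreenConnect Client (0123456789abcdef)",
     "DisplayName": "ScreenConnect Client", "PathName": r"C:\Example\ScreenConnect.ClientService.exe",
     "StartMode": "Auto"},
    {"SystemName": "HELPDESK-01", "Name": "ScreenConnect Client (fedcba9876543210)",
     "DisplayName": "ScreenConnect Client", "PathName": r"C:\Example\ScreenConnect.ClientService.exe",
     "StartMode": "Auto"},
    {"SystemName": "FILE-02", "Name": "Spooler", "DisplayName": "Print Spooler",
     "PathName": r"C:\Windows\System32\spoolsv.exe", "StartMode": "Auto"},
])

def identify_rmm(service):
    """Return the RMM product a service record belongs to, or None."""
    fields = (service.get(k) or "" for k in ("Name", "DisplayName", "PathName"))
    haystack = " ".join(fields).lower()
    for keyword, product in RMM_KEYWORDS.items():
        if keyword in haystack:
            return product
    return None

def audit_rmm_services(inventory_json, approved):
    """approved: set of (HOST, product) pairs sanctioned by IT. Returns findings."""
    findings, per_host = [], defaultdict(set)
    for svc in json.loads(inventory_json):
        product = identify_rmm(svc)
        if product is None:
            continue
        host = svc["SystemName"].upper()
        per_host[host].add(product)
        if (host, product) not in approved:
            reason = "unapproved RMM service"
            if svc.get("StartMode") == "Auto":
                reason += " set to autostart"
            findings.append((host, product, reason))
    for host, products in sorted(per_host.items()):
        if len(products) > 1:  # primary plus fallback channel on the same machine
            findings.append((host, "+".join(sorted(products)), "two RMM products on one host"))
    return findings
```

With `approved = {("HELPDESK-01", "ScreenConnect")}` the sample yields three findings, all on WS-014.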

How do you plan to respond?

#cybersecurity #phishing #RMM