ScreenConnect Exploited in AsyncRAT Deployment Campaign

First seen 2 Jul 2026, 00:48 UTC | Securelist, attack.mitre.org, www.kaspersky.com, Feeds.Feedburner | 88% similarity | 69.5

Threat actors are leveraging the ScreenConnect remote access tool to deploy AsyncRAT malware in a widespread campaign. This operation involves distributing malicious installer archives disguised as popular software like OBS Studio and Bandicam, with over 90 domain names identified across 10 languages. The attack begins with a legitimate Microsoft install.exe binary bundled with a rogue DLL library, which is loaded via DLL sideloading to deploy the ScreenConnect service. Once activated, the service executes a PowerShell script that configures Microsoft Defender exclusions and disables User Account Control. The attack maintains persistence through a scheduled task, ensuring it restarts after a reboot. Victims include both individual users and organizations, highlighting the campaign's extensive reach. Kaspersky has flagged this activity and continues to investigate the threat actor's infrastructure.

Key Points:
• ScreenConnect is exploited to deploy AsyncRAT malware through malicious installers.
• Over 90 spoofed domain names have been identified across 10 languages in this campaign.
• The attack utilizes DLL sideloading and maintains persistence via scheduled tasks.
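A detection sketch for the post-install stage described above, added here as an example and not taken from the Kaspersky report: it flags hosts where a Defender exclusion, a UAC disable or a scheduled-task creation runs beneath a ScreenConnect process. The log format, the ScreenConnect image names and the command-line patterns are assumptions, and the sample events are constructed.

```python
import re

# Standard Windows names for the three behaviours; the page gives no command
# lines, so these patterns are assumptions, not indicators from the report.
BEHAVIOURS = {
    "defender_exclusion": re.compile(r"(Add|Set)-MpPreference\b.*-Exclusion(Path|Process|Extension)", re.I),
    "uac_disabled": re.compile(r"EnableLUA\b.*(/d|-Value)\s+0\b", re.I),
    "scheduled_task": re.compile(r"schtasks(\.exe)?\s+/create|Register-ScheduledTask", re.I),
}
SCREENCONNECT = re.compile(r"ScreenConnect\.(ClientService|WindowsClient)\.exe", re.I)

def parse(line):
    """Split a 'host|pid|ppid|image|command line' record (hypothetical format)."""
    host, pid, ppid, image, cmd = line.split("|", 4)
    return {"host": host, "pid": int(pid), "ppid": int(ppid), "image": image, "cmd": cmd}

def under_screenconnect(ev, by_pid):
    """Walk the parent chain on the same host looking for a ScreenConnect image."""
    seen = set()
    while ev and ev["pid"] not in seen:
        seen.add(ev["pid"])
        if SCREENCONNECT.search(ev["image"]):
            return True
        ev = by_pid.get((ev["host"], ev["ppid"]))
    return False

def detect(lines):
    """Return {host: sorted behaviour names} observed beneath ScreenConnect."""
    events = [parse(l) for l in lines if l.strip()]
    by_pid = {(e["host"], e["pid"]): e for e in events}
    hits = {}
    for ev in events:
        if under_screenconnect(ev, by_pid):
            for name, rx in BEHAVIOURS.items():
                if rx.search(ev["cmd"]):
                    hits.setdefault(ev["host"], set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}

# Constructed process-creation events, not data from the report.
SAMPLE = [
    r"WS01|400|4|C:\Program Files (x86)\ScreenConnect Client (constructed)\ScreenConnect.ClientService.exe|ScreenConnect.ClientService.exe",
    r"WS01|412|400|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -NoP -Command Add-MpPreference -ExclusionPath C:\ProgramData",
    r"WS01|413|412|C:\Windows\System32\reg.exe|reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f",
    r"WS01|414|412|C:\Windows\System32\schtasks.exe|schtasks /create /tn Updater /sc onstart /tr C:\ProgramData\x.exe",
    r"WS02|500|4|C:\Windows\explorer.exe|explorer.exe",
    r"WS02|510|500|C:\Windows\System32\schtasks.exe|schtasks /create /tn Backup /sc daily /tr C:\Tools\backup.cmd",
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Legitimate ScreenConnect deployments can trigger the scheduled-task pattern on its own, so the combination of behaviours on one host is the stronger signal.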

ThreatCluster AI

Timeline

2026-07-01: Kaspersky reports ScreenConnect exploitation
Kaspersky's investigation reveals that ScreenConnect is being used to deploy AsyncRAT in a widespread campaign targeting users globally. (Source: Securelist)

2026-07-01: Malicious installers identified
Malicious installer archives masquerading as legitimate software were found, with over 90 domains involved. (Source: Feeds.Feedburner)

Recent: Attack chain detailed
The attack chain involves DLL sideloading, PowerShell script execution, and persistence mechanisms to maintain control over compromised systems. (Source: Securelist)
