BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

AsyncRAT Delivered via ScreenConnect in New Fileless Attack Campaign

Hackers Abuse ScreenConnect in Fileless AsyncRAT Campaign to Steal Credentials and Crypto Data

  • Certain threat actors are misusing ConnectWise ScreenConnect, a legitimate remote monitoring tool, to access target systems and deploy Malware.
  • Cybersecurity researchers observed attackers delivering AsyncRAT, a remote access trojan, using fileless malware techniques to steal sensitive data.
  • Initial access was achieved by sending fraudulent ScreenConnect installers disguised as business documents in phishing emails.
  • The campaign uses complex scripts and scheduled tasks to maintain presence on infected machines and evade detection.
  • Stolen data, including credentials and information on crypto wallets, is sent to a remote server controlled by the attackers.

Attackers are exploiting ConnectWise ScreenConnect to gain unauthorized access to computers as part of a new campaign, according to findings published by cybersecurity researchers on September 11, 2025. The goal is to deliver a remote access trojan called AsyncRAT in order to steal data from compromised devices.

- Advertisement -

Analysts at LevelBlue reported that the attackers use phishing emails containing malicious ScreenConnect installers that appear to be financial or business-related files. After establishing remote access, the attackers manually deploy a series of scripts and software components without leaving obvious files on the system’s disk, making detection much more difficult.

According to an official report from LevelBlue, the attackers run a layered Visual Basic Script and PowerShell loader. “The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and PowerShell loader that fetched and ran obfuscated components from external URLs,” the researchers said. The process ultimately unpacks AsyncRAT and maintains ongoing access by setting up a fake “Skype Updater” task.

The malware retrieves two main files—“logs.ldk” and “logs.ldr”—from an attacker-controlled server. The first file writes a new script for persistent access, while the second is used to launch AsyncRAT. This trojan sends user keystrokes, browser logins, and details of installed cryptocurrency wallet applications (like those used in Chrome, Brave, Edge, Opera, and Firefox) back to a command-and-control server.

All communication and stolen data are sent over a direct internet connection to the attackers’ remote server, with configuration details either built into the code or loaded from a remote Pastebin page. The researchers explained that fileless malware, which operates in a computer’s memory instead of saving files on disk, is especially difficult to detect and remove.

- Advertisement -

The technique relies on trusted system tools and remote access programs, highlighting the challenges that organizations face in defending against fileless malware attacks.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

IMF: Dollar stablecoins may amplify currency runs in fixed-rate economies

An IMF working paper by economist Brandon Joel Tan models how dollar stablecoins improve...

Japan Plans to Legalize Cryptocurrency ETFs, Minister Says

Japanese Finance Minister Satsuki Katayama announced plans to legalize cryptocurrency ETFs.ETFs let investors gain...

Must Read

Top 10 Best DeFi Tokens to Invest in 2022

Decentralized Finance (Defi), is one of the most talked-about topics in the crypto space alongside NFTs. So if you want to know the best...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading