Tag

Screenconnect

4 briefs RSS

Cryptojacking Campaign Abusing ScreenConnect and SEO Poisoning

An active cryptojacking campaign uses SEO poisoning, AI chatbot interactions, and ScreenConnect abuse to target high-performance PCs, aiming to maximize GPU mining yield and establish persistent remote access for potential data theft or ransomware attacks.

ScreenConnect cryptojacking seo-poisoning dll-sideloading

2r 1t 1i 3w ago

high advisory

Zoom-themed Phishing Campaign Delivering ConnectWise ScreenConnect

2 rules 5 TTPs 4 IOCs

A phishing campaign impersonates Zoom to trick users into downloading and installing ConnectWise ScreenConnect, a legitimate remote monitoring and management tool, allowing attackers to gain persistent remote access, harvest credentials, and deploy secondary malware such as ransomware.

Zoom +2 phishing remote_access social_engineering screenconnect

2r 5t 4i May 18, 2026

high advisory

ScreenConnect 26.1 Cryptographic Material Protection Vulnerability

2 rules 1 TTP

ScreenConnect version 26.1 has a vulnerability related to the insufficient protection of server-level cryptographic material, potentially allowing unauthorized access and data compromise.

screenconnect vulnerability cryptographic-material

2r 1t Mar 19, 2026

medium advisory

Suspicious ScreenConnect Client Child Process Activity

2 rules 11 TTPs 2 CVEs

This rule identifies suspicious child processes spawned by ScreenConnect client processes, potentially indicating unauthorized access and command execution abusing ScreenConnect remote access software to perform malicious activities such as data exfiltration or establishing persistence.

Elastic Defend +3 command-and-control defense-evasion execution persistence screenconnect

2r 11t 2c May 16, 2024