
"Attackers are increasingly bypassing traditional malware defenses by exploiting legitimate remote monitoring and management tools for backdoor access. KnowBe4 Threat Labs warns of the Skeleton Key campaign, in which threat actors hijack trusted IT software rather than deploy custom malware. The campaign reflects a growing trend in which attackers no longer develop malware but reuse existing enterprise software. Instead of breaking in through the front door, they steal the master key by compromising user data and transforming remote access tools into hidden persistence mechanisms."
"With stolen credentials, attackers generate legitimate access tokens for remote monitoring and management platforms. A file called "GreenVelopeCard.exe" installs tools such as GoTo Resolve and LogMeIn, allowing malicious activity to blend in with normal enterprise traffic and evade signature-based detection. KnowBe4 discovered that the dropper contains a configuration file that instructs RMM software to install silently, connect to attacker-controlled accounts, and operate with full remote control capabilities."
Attackers exploit legitimate remote monitoring and management tools to bypass traditional malware defenses and maintain stealthy backdoor access. The attack starts with phishing emails impersonating Greenvelope that lead victims to a fake login page to harvest credentials. Stolen credentials are used to generate valid access tokens and deploy a dropper named GreenVelopeCard.exe, which installs GoTo Resolve, LogMeIn, and other RMM tools under attacker-controlled accounts. The RMM configuration enables silent installation and full remote control, blending malicious actions with normal enterprise traffic. Persistence is achieved via registry manipulation, abused Windows services, and hidden scheduled tasks while C2 traffic routes through legitimate infrastructure.
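The detection angle that follows from the summary above is that an RMM agent is only suspicious in context: which product it is, who installed it, whether the install was silent, and what process launched it. The script below is an added example written for this page (it is not code from KnowBe4, Techzine, or any RMM vendor). It runs an allowlist-based check over constructed process-creation records; the field layout, the installer file names, the account `CORP\svc-deploy`, the parent `deployagent.exe`, and the list of silent-install switches are all assumptions to be replaced with an organisation's own telemetry schema and deployment practice. Only the dropper name `GreenVelopeCard.exe` and the two product names come from the page.

```python
"""Flag RMM-tool executions that fall outside the sanctioned deployment path.

Added example; all sample events and allowlist values are constructed.
"""
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (fields modelled on a generic EDR schema; assumption)."""
    pid: int
    image: str          # full path of the new process
    cmdline: str        # full command line
    parent_image: str   # full path of the parent process
    user: str           # account the process runs as


# Substrings identifying the RMM products the page reports being abused.
RMM_MARKERS = ("gotoresolve", "goto resolve", "logmein")

# Hypothetical allowlists: the one RMM product IT actually deploys, the service
# account that is allowed to install software, and parents that may legitimately
# launch an RMM binary (the Service Control Manager and the deployment agent).
APPROVED_RMM = frozenset({"logmein"})
DEPLOYMENT_ACCOUNTS = frozenset({"corp\\svc-deploy"})
TRUSTED_PARENTS = frozenset({"services.exe", "deployagent.exe"})

# Generic unattended-install switches (assumption: not tied to any specific installer).
SILENT_FLAGS = frozenset({"/s", "/silent", "/quiet", "/qn", "/verysilent"})


def rmm_product(event: ProcEvent):
    """Return the normalised RMM product name if the event involves one, else None."""
    haystack = (event.image + " " + event.cmdline).lower()
    for marker in RMM_MARKERS:
        if marker in haystack:
            return marker.replace(" ", "")
    return None


def analyze(events):
    """Return one finding per RMM-related event that breaks an allowlist rule."""
    findings = []
    for e in events:
        product = rmm_product(e)
        if product is None:
            continue
        reasons = []
        # Rule 1: a product IT never deployed should not be present at all.
        if product not in APPROVED_RMM:
            reasons.append("unapproved_rmm_product")
        # Rule 2: silent installs are expected only from the deployment account.
        tokens = set(e.cmdline.lower().split())
        if tokens & SILENT_FLAGS and e.user.lower() not in DEPLOYMENT_ACCOUNTS:
            reasons.append("silent_install_outside_deployment_account")
        # Rule 3: the parent should be the SCM or the deployment agent, not a
        # mail client, browser, or an unknown executable such as a dropper.
        parent = e.parent_image.lower().rsplit("\\", 1)[-1]
        if parent not in TRUSTED_PARENTS:
            reasons.append(f"spawned_by_untrusted_parent:{parent}")
        if reasons:
            findings.append({"pid": e.pid, "product": product, "user": e.user, "reasons": reasons})
    return findings


# Constructed sample telemetry: one dropper chain, one legitimate service start,
# one sanctioned deployment, and one user-driven install of the approved product.
SAMPLE_EVENTS = [
    ProcEvent(100, r"C:\Users\alice\Downloads\GreenVelopeCard.exe",
              r'"C:\Users\alice\Downloads\GreenVelopeCard.exe"',
              r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", r"CORP\alice"),
    ProcEvent(101, r"C:\Users\alice\AppData\Local\Temp\GoToResolveSetup.exe",
              r'"C:\Users\alice\AppData\Local\Temp\GoToResolveSetup.exe" /silent',
              r"C:\Users\alice\Downloads\GreenVelopeCard.exe", r"CORP\alice"),
    ProcEvent(102, r"C:\Program Files\LogMeIn\LogMeIn.exe",
              r'"C:\Program Files\LogMeIn\LogMeIn.exe" -service',
              r"C:\Windows\System32\services.exe", r"NT AUTHORITY\SYSTEM"),
    ProcEvent(103, r"C:\Windows\Temp\LogMeInSetup.exe",
              r'"C:\Windows\Temp\LogMeInSetup.exe" /quiet',
              r"C:\Program Files\DeployAgent\deployagent.exe", r"CORP\svc-deploy"),
    ProcEvent(104, r"C:\Users\bob\Downloads\LogMeInSetup.exe",
              r'"C:\Users\bob\Downloads\LogMeInSetup.exe" /quiet',
              r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"CORP\bob"),
]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The dropper itself (pid 100) produces no finding because it is not an RMM binary; it is the child it spawns that trips all three rules, which is why the parent-process check matters more than the product name. Event 104 shows the other side of the same point: even the approved product is flagged when an interactive user installs it silently from a browser download. Hash- or signer-based allowlisting of the installer would be a natural fourth rule on real telemetry.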
Read at Techzine Global