A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, ScreenConnect<\/a>.<\/p>\n The malware is being sold with a suite of advanced features designed to bypass modern security defenses, signaling a growing trend in sophisticated, ready-to-use cybercrime tools<\/a>.<\/p>\n The seller claims the tool achieves zero detections during both static and runtime analysis, making it a potent threat for initial access and payload delivery operations. <\/p>\n This development underscores the ongoing efforts by malicious actors to exploit trust and evade detection by mimicking legitimate software and processes.<\/p>\n The primary selling point of this new RAT is its ability to bypass security warnings from both Google Chrome<\/a> and Windows SmartScreen<\/a>.<\/p>\n The threat actor claims this is achieved by bundling the malware with a valid Extended Validation (EV) certificate. <\/p>\n EV certificates are a high-assurance digital identity standard that typically causes browsers to display a green bar or the company\u2019s name, instilling a false sense of security in the victim. <\/p>\n The package also includes antibot mechanisms and cloaked landing pages. These features allow the malware to present benign content to security scanners<\/a> and sandboxes while delivering the malicious payload to genuine targets, a common tactic for evading automated analysis.<\/p>\n The provided advertisement showcases a convincing but fraudulent Adobe Acrobat Reader download page, demonstrating a typical social engineering<\/a> scheme for delivery.<\/p>\n According to the seller\u2019s post, the RAT is equipped with a remote viewer, granting the attacker direct visual control over a compromised machine\u2019s desktop. <\/p>\n This capability allows for real-time monitoring, data exfiltration, and interactive system manipulation. Furthermore, the tool utilizes a PowerShell-based command to load its executable. This fileless technique helps it remain hidden from traditional antivirus solutions<\/a> that primarily focus on scanning files on disk.<\/p>\n The actor explicitly states the tool can be used as a \u201cFUD loader,\u201d indicating its primary function may be to establish a persistent and stealthy foothold on a target system before deploying secondary payloads, such as ransomware, spyware, or banking trojans. <\/p>\n The seller offers a demo and promises delivery within 24 working hours, suggesting a professional and operationalized service.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Threat Actors Selling New Undetectable RAT as \u2019ScreenConnect FUD Alternative\u2019<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nBypassing Security With Advanced Evasion<\/strong><\/h2>\n
![\"FUD](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhiRixxWlKDchkr8rIgn6zXylED-CBdtHZ4lx2RDN1M5pJ9HeKEHTQA6ERg-NsQBGXwqNjb6z9JzYmOkjBBozVTvJnbAkoay-axN_I0yAkd5NQ1bAH3f-KMvnkYEouJ-ugXcFKjTa5aCsmEQC3s2olTBEnKneof6j-TLy2KsR6LtsqAUCs0_IgIpVdiQroE\/s16000\/Malware%2520Advertised.webp?ssl=1\")