Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors

Microsoft TechRadar
Windows 11 remote desktop.
  • Microsoft warns of phishing campaigns with fake conferencing tools
  • Malware disguised using valid digital certificates
  • Broad enterprise targeting with persistent backdoor risk

Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers.

In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational notifications.

Through these files, the attackers try to trick the recipients into downloading fake video conferencing tools. Files with names such as msteams.exe, trustconnectagent.exe, and zoomworkspace.clientsetup.exe, are being distributed and, to make matters worse, are digitally signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD.

What is TrustConnect?

In other words, the malware looked like legitimate, trusted software because it was signed with a certificate that normally proves the identity of a real company. As such, it passed through most antimalware solutions without raising any alarms.

This is not the first time we’re hearing of TrustConnect. In late February 2026, researchers reported finding a company by that name which, by all accounts, looked legitimate, sporting a valid certificate (that costs thousands), a working RMM product, and a professional-looking website.

However, it was all an elaborate scheme to infect corporate computers with a Remote Access Trojan (RAT). Ironically enough, victims were also charged $300 to purchase a license for the RMM.

When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for - a regular (but unvetted) remote management tool such as ScreenConnect, Tactical RMM, MeshAgent, and others.

The campaign doesn’t seem to be targeting a specific company, or industry, Instead, Microsoft describes it as a broad phishing campaign targeting enterprise users. We don’t know how many of these emails went out, or how many companies were compromised as a result.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
People are just discovering the truth about why turkey eggs are nowhere to be found
Have you ever wondered why turkey eggs aren’t a common sight in grocery stores, despite the bird’s huge popularity for meat, especially around holiday seasons like Thanksgiving and Christmas. You see chicken eggs everywhere, and even duck eggs pop up sometimes, but turkey eggs? Never.
The Mary Sue
The Mary Sue
I Had No Idea Kylie Jenner Blew Every Dollar She’d Earned On KUWTK (But It All Worked Out)
Easy come, easy go.
Cinemablend
Cinemablend
RaKai banned from Twitch streaming again for 30 days after livestream accidentally reveals NBA star LaMelo Ball phone number
Streamer RaKai has been banned from Twitch for 30 days after revealing NBA star LaMelo Ball’s phone number during a livestream. The clip spread quickly online and led Twitch to suspend his channel for sharing private information. The incident adds to RaKai’s past bans, including a June 2025 suspension linked…
The Times of India
The Times of India
Harry Styles addresses ‘queerbaiting’ criticism in SNL opening monologue
Singer hosted the long-running variety show following the release of his new album
The Independent UK
The Independent UK
So, what happens during a gas crisis, anyway? Your older relatives have a reason to bring up what could come next
With gas prices up 11%, rationing being debated in California, and a dozen countries already restricting fuel, the 1970s playbook is back. Here's what it looked like then, and what it could look like now.
Fortune
Fortune
‘Small, plump, gooey … marvellous’: the best supermarket tortilla, tasted and rated
Which supermarket Spanish omelette seems as if it’s served plump from the pan, and which is a soggy flop?
The Guardian - UK
The Guardian - UK
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play