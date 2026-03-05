Microsoft warns of phishing campaigns with fake conferencing tools

Malware disguised using valid digital certificates

Broad enterprise targeting with persistent backdoor risk

Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers.

In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational notifications.

Through these files, the attackers try to trick the recipients into downloading fake video conferencing tools. Files with names such as msteams.exe, trustconnectagent.exe, and zoomworkspace.clientsetup.exe, are being distributed and, to make matters worse, are digitally signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD.

What is TrustConnect?

In other words, the malware looked like legitimate, trusted software because it was signed with a certificate that normally proves the identity of a real company. As such, it passed through most antimalware solutions without raising any alarms.

This is not the first time we’re hearing of TrustConnect. In late February 2026, researchers reported finding a company by that name which, by all accounts, looked legitimate, sporting a valid certificate (that costs thousands), a working RMM product, and a professional-looking website.

However, it was all an elaborate scheme to infect corporate computers with a Remote Access Trojan (RAT). Ironically enough, victims were also charged $300 to purchase a license for the RMM.

When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for - a regular (but unvetted) remote management tool such as ScreenConnect, Tactical RMM, MeshAgent, and others.

The campaign doesn’t seem to be targeting a specific company, or industry, Instead, Microsoft describes it as a broad phishing campaign targeting enterprise users. We don’t know how many of these emails went out, or how many companies were compromised as a result.

