Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors

News
By published

TrustConnect is back

Windows 11 remote desktop
(Image credit: Microsoft)
  • Microsoft warns of phishing campaigns with fake conferencing tools
  • Malware disguised using valid digital certificates
  • Broad enterprise targeting with persistent backdoor risk

Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers.

In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational notifications.

Through these files, the attackers try to trick the recipients into downloading fake video conferencing tools. Files with names such as msteams.exe, trustconnectagent.exe, and zoomworkspace.clientsetup.exe, are being distributed and, to make matters worse, are digitally signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD.

What is TrustConnect?

In other words, the malware looked like legitimate, trusted software because it was signed with a certificate that normally proves the identity of a real company. As such, it passed through most antimalware solutions without raising any alarms.

This is not the first time we’re hearing of TrustConnect. In late February 2026, researchers reported finding a company by that name which, by all accounts, looked legitimate, sporting a valid certificate (that costs thousands), a working RMM product, and a professional-looking website.

However, it was all an elaborate scheme to infect corporate computers with a Remote Access Trojan (RAT). Ironically enough, victims were also charged $300 to purchase a license for the RMM.

When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for - a regular (but unvetted) remote management tool such as ScreenConnect, Tactical RMM, MeshAgent, and others.

The campaign doesn’t seem to be targeting a specific company, or industry, Instead, Microsoft describes it as a broad phishing campaign targeting enterprise users. We don’t know how many of these emails went out, or how many companies were compromised as a result.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.