RAT disguised as an RMM costs crims $300 a month • The Register

RAT disguised as an RMM costs crims $300 a month • The Register

https://www.theregister.com/2026/02/19/rmm_rat_trustconnect/

Publish Date: 2026-02-19 18:46:00

Source Domain: www.theregister.com

Researchers at Proofpoint late last month uncovered what they describe as a “weird twist” on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.

These folks created an entirely fake RMM vendor that purports to sell enterprise software for $300 a month. In fact, it’s a remote access trojan (RAT) being sold as a service. Call it a RATaaS.

The criminals behind the malware took great care to make their product appear legitimate, giving it the name TrustConnect. They even built a fake business website and obtained a legitimate Extended Validation code-signing certificate to digitally sign malware and allow it to bypass security controls.

At first, the crooks even fooled Proofpoint’s threat hunters themselves. “Initially, TrustConnect appeared to be another legitimate RMM tool being abused,” the company’s research team said in a Thursday post.

Criminals prefer using legitimate, commercial software for nefarious purposes because it makes it easier for them to hide inside enterprise IT environments.

Over the past year or so, RMM tools have moved to the top of attackers’ must-have list. There are many of them to choose from, enterprises already use and trust many of these tools, and they provide a direct, remote pipeline to victims’ machines for deploying ransomware, info-stealers, and other malware, and maintaining long-term access to infected systems.

Security shop Huntress, in its annual cyber threat report released this week, noted skyrocketing RMM abuse, jumping 277 percent in 2025 compared to the year prior and accounting for 24 percent of all observed incidents.

Abuse of Trust(Connect)

The domain, trustconnectsoftware[.]com, was created on January 12 and the website there was probably written by an AI, according to Proofpoint.

“The malware…

Source