How Attackers Use Real IT Tools to Take Over Your Computer

www.malwarebytes.com/blog/news…

A new wave of attacks is leveraging legitimate Remote Monitoring and Management (RMM) tools — including LogMeIn Resolve (formerly GoToResolve) and PDQ Connect — to remotely control victims’ systems. Instead of deploying traditional malware, adversaries persuade users to install trusted IT support software disguised as everyday utilities, granting full remote access while evading many standard security detections.

Malwarebytes telemetry shows an increase in detections under RiskWare.MisusedLegit.GoToResolve, which flags suspicious use of the legitimate GoToResolve/LogMeIn Resolve RMM product. Researchers have further documented fake websites impersonating download pages for common free utilities such as Notepad++ and 7-Zip.

Clicking these malicious links delivers an RMM installer preconfigured with the attacker’s unique CompanyId, which binds the victim’s device directly to the attacker’s control dashboard. Because the installer automatically registers with the attacker’s account — and because RMM traffic is typically trusted and permitted by firewalls and administrative policies — malicious access often blends in seamlessly with legitimate IT activity.
Edward Kiledjian
@ekiledjian
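
A defender-side triage of the pattern described in the post, as an added example that is not part of the original post or of any vendor's tooling: it flags RMM agents that are unsanctioned, enrolled to a company id the organization does not own, or installed from a file named like a free utility. The event field names, the sanctioned-id table and every sample value are assumptions constructed for illustration.

```python
"""Triage software-install events for misused RMM agents (added example)."""

# RMM products named in the post, lower-cased for matching.
RMM_PRODUCTS = {"logmein resolve", "gotoresolve", "pdq connect"}
# Installer-name fragments for the utilities the fake sites impersonate.
LURE_NAMES = ("notepad", "7-zip", "7zip", "7z")
# Hypothetical allowlist: RMM product -> company ids your IT team owns.
SANCTIONED = {"logmein resolve": {"ORG-COMPANY-ID-PLACEHOLDER"}}

# Constructed sample events; the schema is an assumption, not a real log format.
SAMPLE_EVENTS = [
    {"host": "ws-01", "product": "LogMeIn Resolve",
     "company_id": "ORG-COMPANY-ID-PLACEHOLDER", "installer": "resolve-agent.msi"},
    {"host": "ws-02", "product": "LogMeIn Resolve",
     "company_id": "CONSTRUCTED-FOREIGN-ID", "installer": "notepad++_installer.exe"},
    {"host": "ws-03", "product": "PDQ Connect",
     "company_id": None, "installer": "pdq-agent.msi"},
    {"host": "ws-04", "product": "7-Zip",
     "company_id": None, "installer": "7z-x64.exe"},
]


def triage(event):
    """Return the findings for one install event (empty list means no finding)."""
    product = (event.get("product") or "").strip().lower()
    if product not in RMM_PRODUCTS:
        return []  # not an RMM agent, out of scope for this check
    findings = []
    allowed = SANCTIONED.get(product)
    company_id = event.get("company_id")
    if allowed is None:
        findings.append("unsanctioned RMM product")
    elif not company_id:
        findings.append("RMM agent with no recorded company id")
    elif company_id not in allowed:
        findings.append("RMM agent enrolled to a foreign company id")
    installer = (event.get("installer") or "").lower()
    if any(lure in installer for lure in LURE_NAMES):
        findings.append("RMM installer named like a free utility")
    return findings


def report(events):
    """Map each flagged host to its findings; clean hosts are omitted."""
    flagged = {e["host"]: triage(e) for e in events}
    return {host: f for host, f in flagged.items() if f}
```

The company-id comparison is the important rule here: the product and its traffic are legitimate, so the enrollment target is the only field that separates the organization's own agent from an attacker-bound one.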