Kaspersky Identifies Over 90 Fake Download Sites Distributing ScreenConnect and AsyncRAT
Written by: BizCommunity Editor Save to Instapaper
According to the company, the campaign uses websites impersonating the official download pages of popular free software, including OBS Studio, DNS Jumper, DS4Windows, Glary Utilities and Bandicam. More than 90 fraudulent domains have been identified across 10 languages, allowing the attackers to target users and organisations globally.
Kaspersky said the campaign was uncovered through its Managed Detection and Response service after investigators detected attackers distributing malicious installer archives through fake download sites that were promoted using search engine optimisation techniques.
Remote access tool used to deploy malware
Instead of installing legitimate software, victims unknowingly install a hidden instance of ScreenConnect, a remote administration tool that provides attackers with persistent access to infected devices. The attackers then deploy AsyncRAT, an open-source remote access trojan that can steal data and provide full control of compromised systems.
According to Kaspersky, registrations of domains linked to the campaign peaked in February 2026. The company said the same threat actor previously used fake software websites to distribute malware disguised as video games.
Denis Kulik, lead SOC analyst at Kaspersky, said the campaign posed a particular risk to businesses because remote administration tools are often trusted within corporate environments.
"The campaign targets both users downloading free utilities from the internet and corporate networks, where remote access tools are often allowlisted and granted elevated privileges. Its danger lies in its potential to facilitate large-scale credential theft and unauthorised access to systems, with the stolen data typically later resold on dark web forums," he said.
Businesses urged to verify software sources
Kaspersky advised organisations to restrict software installations from untrusted sources, monitor for unauthorised remote administration services, filter outbound traffic to unknown domains and IP addresses, and verify the authenticity of software download websites.
The company also recommended that users download software only from reputable sources, enable multi-factor authentication where available and use endpoint security software to detect malicious downloads.
Get new press articles by email
We submit and automate press releases distribution for a range of clients. Our platform brings in automation to 5 social media platforms with engaging hashtags. Our new platform The Pulse, allows premium PR Agencies to have access to our newsletter subscribers.
Latest from
- From Motivation To Market How South Africa Can Turn Youth Entrepreneurship Into Sustainable Businesses
- Nissan Appoints Wheeler Following Diverse Finance Career Across Automotive Industry
- Mentorship Equals Funding in Importance for Youth Entrepreneurship Says Fuchs
- Majority Of South African Employees Diagnosed With Mental Health Condition Employers Urged To Share Responsibi
- Virtualisation Transforms BMS Delivering Cloud‑Ready Resilience And Scalability
- Gideon Khobane Appointed Managing Director Rest Of Africa At Publicis Groupe Africa
- Afrirent Holdings Launches Major Recruitment Drive After Securing 60‑Month National Fleet Contract
- Propelair Expands Contour Range With Contour Zero And Contour Pulse Urinals
- Oil War and the Cost of Living What Middle East Tensions Mean for Eastern and Southern Africa
- IGrow Team Sponsors Hole at Seed Scholarship Golf Day and Donates Fourball Winnings
- Nominations Open For 1659 Awards Recognising Visionary Leadership And Industry Innovation
- World Cup Drives 17.2 Billion TikTok Views Surge in One Week
- Draft ToR Flags Competition Concerns in South Africa’s Franchising Sector
- Pick n Pay Launches Penny AI Assistant on asap! Using Google Gemini
- The Business Show Africa and Access to Finance Live Return to Sandton Convention Centre in September 2026
The Pulse Latest Articles
- Bundox Moves Beyond Safari Packages With “experience Our Wild Africa” (July 3, 2026)
- Tutor Doctor South Africa Celebrates Double Award Wins (June 30, 2026)
- Rethinking Performance: Part 5 Aligning Judgement In Performance Evaluation (June 30, 2026)
- Axor: Redefining The Architecture Of Luxury Living (June 29, 2026)
- The Real Ai: How African Ingenuity Drives Growth And Distinguishes The Continent’s Logistics Sector (June 25, 2026)
