A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, [ScreenConnect](https://cybersecuritynews.com/tag/screenconnect-security-flaw-let-attackers-by/).The malware is being sold with a suite of advanced features designed to bypass modern security defenses, signaling a growing trend in sophisticated, ready-to-use [cybercrime tools](https://cybersecuritynews.com/cybercrime-as-a-service/).The seller claims the tool achieves zero detections during both static and runtime analysis, making it a potent threat for initial access and payload delivery operations.This development underscores the ongoing efforts by malicious actors to exploit trust and evade detection by mimicking legitimate software and processes.**Bypassing Security With Advanced Evasion**——————————————–The primary selling point of this new RAT is its ability to bypass security warnings from both [Google Chrome](https://cybersecuritynews.com/hackers-mimic-google-chrome-install-page/) and [Windows SmartScreen](https://cybersecuritynews.com/windows-smartscreen-vulnerability/). FUD Malware ClaimThe threat actor claims this is achieved by bundling the malware with a valid Extended Validation (EV) certificate.EV certificates are a high-assurance digital identity standard that typically causes browsers to display a green bar or the company’s name, instilling a false sense of security in the victim.The package also includes antibot mechanisms and cloaked landing pages. These features allow the malware to present benign content to [security scanners](https://cybersecuritynews.com/web-security-scanners/) and sandboxes while delivering the malicious payload to genuine targets, a common tactic for evading automated analysis.The provided advertisement showcases a convincing but fraudulent Adobe Acrobat Reader download page, demonstrating a typical [social engineering](https://cybersecuritynews.com/social-engineering/) scheme for delivery.According to the seller’s post, the RAT is equipped with a remote viewer, granting the attacker direct visual control over a compromised machine’s desktop.This capability allows for real-time monitoring, data exfiltration, and interactive system manipulation. Furthermore, the tool utilizes a PowerShell-based command to load its executable. This fileless technique helps it remain hidden from traditional [antivirus solutions](https://cybersecuritynews.com/best-ransomware-protection-solutions/) that primarily focus on scanning files on disk.The actor explicitly states the tool can be used as a ‘FUD loader,’ indicating its primary function may be to establish a persistent and stealthy foothold on a target system before deploying secondary payloads, such as ransomware, spyware, or banking trojans.The seller offers a demo and promises delivery within 24 working hours, suggesting a professional and operationalized service.**Find this Story Interesting! Follow us on [Google News](https://news.google.com/publications/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&gl=IN&ceid=IN:en), [LinkedIn](https://www.linkedin.com/company/cybersecurity-news/), and [X](https://x.com/cyber_press_org) to Get More Instant Updates**.The post [Threat Actors Selling New Undetectable RAT as ‘ScreenConnect FUD Alternative’](https://cybersecuritynews.com/fud-as-screenconnect/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
Related Tags:
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 516 – Broadcasting And Content Providers
NAICS: 51 – Information
Blog: Cybersecurity News
Associated Indicators: