Cybersecurity researchers are alerting users in Brazil about a new phishing campaign utilizing commercial remote monitoring and management (RMM) software. Initiated in January 2025, the campaign employs spam emails purportedly from financial entities warning of overdue payments, leading users to malicious Dropbox links. Notable targets include C-level executives and HR professionals across diverse sectors. The use of RMM tools is exploited by attackers to ensure unauthorized access, with notable software like N-able and PDQ Connect being leveraged. N-able has responded by disabling affected trial accounts.
"Adversaries' abuse of commercial RMM tools has steadily increased in recent years. These tools are of interest to threat actors because they are usually digitally signed by recognized entities."
"The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox."
Collection
[
|
...
]