A growing wave of cyberattacks is weaponizing legitimate Remote Monitoring and Management (RMM) tools—such as LogMeIn Resolve (formerly GoToResolve) and PDQ Connect—to hijack victims’ systems without deploying traditional malware. Instead, attackers trick users into installing these trusted IT utilities under false pretenses, often disguising them as common software downloads or support tools.
Once installed, these RMM applications provide attackers with full remote access, enabling them to control the system while bypassing many security checks, since the software itself is genuine. Malwarebytes telemetry has shown a notable rise in detections of RiskWare.MisusedLegit.
Phishing emails further facilitate these attacks. One example sent to a Portuguese user linked to what appeared to be a harmless Dropbox download—leveraging a trusted domain to avoid suspicion. In other cases, attackers create fake download pages mimicking legitimate tools like Notepad++ or 7-Zip.
The malicious installers are often pre-configured with an attacker’s CompanyId, allowing the compromised device to automatically register with the attacker’s control console. Because RMM traffic is typically allowed on networks and operates with admin privileges, this remote access blends seamlessly with legitimate IT activity.
How to stay safe:
• Download software only from official websites.
• Verify digital signatures before installing.
• Confirm unexpected update prompts through trusted channels.
• Keep systems patched and updated.
• Use real-time security tools—such as Malwarebytes Privacy Controls—to detect unwanted remote-access tools.
• Learn to identify social engineering tactics that push users toward malicious downloads.
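Because the misused installers are genuine, signed software, a signature check alone will not flag them; what distinguishes an attack is an RMM agent that your own IT team never deployed. As an added example (not from the article or from Malwarebytes), the PowerShell below inventories installed programs and reports the RMM products named above when they are not on an approved list. The name patterns and the `$ApprovedRmm` allowlist are assumptions, and display names on a given machine may differ.

```powershell
# Added example: report installed RMM agents that are not approved by IT.
# Assumption: uninstall entries carry the product names used in the article.
$RmmNamePatterns = @('LogMeIn Resolve', 'GoToResolve', 'PDQ Connect')

# Hypothetical allowlist: list the patterns your organisation really deploys,
# e.g. @('PDQ Connect'). Empty means no RMM tool is expected on this machine.
$ApprovedRmm = @()

# Standard per-machine and per-user uninstall registry locations.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-UnapprovedRmm {
    param(
        [string[]]$Patterns = $RmmNamePatterns,
        [string[]]$Approved = $ApprovedRmm
    )
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $entry = $_
            # First pattern contained in this entry's display name, if any.
            $hit = $Patterns |
                Where-Object { $entry.DisplayName -like "*$_*" } |
                Select-Object -First 1
            if ($hit -and ($Approved -notcontains $hit)) {
                [pscustomobject]@{
                    Product     = $entry.DisplayName
                    Publisher   = $entry.Publisher
                    InstallDate = $entry.InstallDate
                    Matched     = $hit
                }
            }
        }
}

# Any row returned is an RMM agent nobody in IT signed off on: investigate it.
Find-UnapprovedRmm | Format-Table -AutoSize
```

An empty result means none of the listed products are registered as installed; it does not cover RMM tools outside the pattern list.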
This trend shows that attackers are increasingly relying on misused legitimate tools, making user vigilance more critical than ever.