(Don't) TrustConnect: It's a RAT in an RMM hat
Essential information
- Published
- 19/02/2026 11:10
- Modified
- 19/02/2026 12:44
- Tags
- 2026-02-19 c2 infrastructure cybercrime digital signatures docconnect email campaigns malware-as-a-service remote access trojan rmm abuse trustconnect trustconnect rat
- Related entities
- 10 observables, 5 techniques (mitre), 2 malware, 10 others
Description
A new malware-as-a-service (MaaS) called TrustConnect has been discovered masquerading as a legitimate remote monitoring and management (RMM) tool. The malware, classified as a remote access trojan (RAT), uses a fake business website as its command and control center and MaaS portal. Priced at $300 per month, it offers features like a web-based C2 dashboard, automated payload generation with digital signatures, and remote desktop capabilities. The malware has been distributed through various email campaigns, often alongside legitimate RMM tools. Proofpoint researchers identified links between TrustConnect's creator and previous users of Redline stealer. The emergence of this new MaaS demonstrates the ongoing evolution of the cybercrime market and the thriving ecosystem of RMM abuse.