Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors

By Sead Fadilpašić, published 5 March 2026

TrustConnect is back

  • Microsoft warns of phishing campaigns with fake conferencing tools
  • Malware disguised using valid digital certificates
  • Broad enterprise targeting with persistent backdoor risk

Microsoft is warning of a new phishing campaign that aims to deploy persistent backdoors on victims’ computers.

In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational notifications.

Through these files, the attackers try to trick the recipients into downloading fake video conferencing tools. Files with names such as msteams.exe, trustconnectagent.exe, and zoomworkspace.clientsetup.exe are being distributed and, to make matters worse, are digitally signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD.

What is TrustConnect?

In other words, the malware looked like legitimate, trusted software because it was signed with a certificate that normally proves the identity of a real company. As such, it passed through most antimalware solutions without raising any alarms.

This is not the first time we’re hearing of TrustConnect. In late February 2026, researchers reported finding a company by that name which, by all accounts, looked legitimate, sporting a valid certificate (that costs thousands), a working RMM product, and a professional-looking website.

However, it was all an elaborate scheme to infect corporate computers with a Remote Access Trojan (RAT). Ironically enough, victims were also charged $300 to purchase a license for the RMM.

When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for: a regular (but unvetted) remote management tool such as ScreenConnect, Tactical RMM, or MeshAgent, among others.
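For defenders, the practical lesson is that "validly signed" answers nothing until you check who signed the file and what it went on to launch. The sketch below is an added example, not code from Microsoft or from this article: it triages constructed process records using the file names, publisher and RMM tools named above. The record field names are hypothetical, and the signer strings expected for the genuine Microsoft and Zoom products are assumptions.

```python
from pathlib import PureWindowsPath

REPORTED_SIGNER = "trustconnect software pty ltd"   # publisher named in the article
# File names from the article -> signer expected for the product the name borrows
# (assumption); None = no well-known vendor to compare against.
LURE_NAMES = {
    "msteams.exe": "microsoft corporation",
    "zoomworkspace.clientsetup.exe": "zoom video communications, inc.",
    "trustconnectagent.exe": None,
}
RMM_KEYWORDS = ("screenconnect", "tacticalrmm", "meshagent")  # tools named in the article

def triage(events):
    """Return (event_index, reason) pairs; a valid signature alone clears nothing."""
    findings, flagged = [], set()
    for i, ev in enumerate(events):
        image = ev["image"].lower()
        name = PureWindowsPath(image).name
        signer = (ev.get("signer") or "").lower()
        parent = (ev.get("parent") or "").lower()
        reasons = []
        if signer == REPORTED_SIGNER:
            reasons.append("reported-signer")
        if name in LURE_NAMES and signer != LURE_NAMES[name]:
            reasons.append("lure-name-signer-mismatch")
        # RMM agents are legitimate software; flag only when a flagged binary started one.
        if parent in flagged and any(k in image for k in RMM_KEYWORDS):
            reasons.append("rmm-started-by-flagged-binary")
        if reasons:
            flagged.add(image)
        findings += [(i, r) for r in reasons]
    return findings

# Constructed sample records (hypothetical field names, not a real EDR schema).
SAMPLE = [
    {"image": r"C:\Users\a\Downloads\msteams.exe", "parent": r"C:\Windows\explorer.exe",
     "signer": "TrustConnect Software PTY LTD"},
    {"image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe",
     "parent": r"C:\Users\a\Downloads\msteams.exe", "signer": "Example RMM Vendor"},
    {"image": r"C:\Program Files\Teams\msteams.exe", "parent": r"C:\Windows\explorer.exe",
     "signer": "Microsoft Corporation"},
    {"image": r"C:\Program Files\Mesh Agent\MeshAgent.exe",
     "parent": r"C:\Windows\System32\services.exe", "signer": None},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE):
        print(idx, SAMPLE[idx]["image"], reason)
```

The RMM agent started by an ordinary service and the Microsoft-signed binary both pass untouched, which keeps the check usable in environments where these tools are deployed on purpose.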


The campaign doesn’t seem to be targeting a specific company or industry. Instead, Microsoft describes it as a broad phishing campaign targeting enterprise users. We don’t know how many of these emails went out, or how many companies were compromised as a result.
