{“lastseen”:”2025-12-03T16:07:05″,”description”:”A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control victims\u2019 systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support programs under false pretenses\u2013disguising them as everyday utilities. Once installed, the tool gives attackers full remote access to the victim\u2019s machine, evading many conventional security detections because the software itself is legitimate.\\n\\nWe\u2019ve recently noticed an uptick in our telemetry for the detection name RiskWare.MisusedLegit.GoToResolve, which flags suspicious use of the legitimate GoToResolve\/LogMeIn Resolve RMM tool.\\n\\nOur data shows the tool was detected with several different filenames. Here are some examples from our telemetry:\\n\\n\\n\\nThe filenames also provide us with clues about how the targets were likely tricked into downloading the tool.\\n\\nHere\u2019s an example of a translated email sent to someone in Portugal:\\n\\n\\n\\nAs you can see, hovering over the link shows that it points to a file uploaded to Dropbox. Using a legitimate RMM tool and a legitimate domain like dropbox[.]com makes it harder for security software to intercept such emails.\\n\\nOther researchers have also described how attackers set up fake websites that mimic the download pages for popular free utilities like Notepad++ and 7-Zip.\\n\\nClicking that malicious link delivers an RMM installer that\u2019s been pre-configured with the attacker\u2019s unique \u201cCompanyId\u201d\u2013a hardcoded identifier tying the victim machine directly to the attacker\u2019s control panel.\\n\\n\\n\\nThis ID lets them instantly spot and connect to the newly infected system without needing extra credentials or custom malware, as the legitimate tool registers seamlessly with their account. Firewalls and other security tools often allow their RMM traffic, especially because RMMs are designed to run with admin privileges. The result is that malicious access blends in with normal IT admin traffic.\\n\\n## How to stay safe\\n\\nBy misusing trusted IT tools rather than conventional malware, attackers are raising the bar on stealth and persistence. Awareness and careful attention to download sources are your best defense.\\n\\n * Always download software directly from official websites or verified sources.\\n * Check file signatures and certificates before installing anything.\\n * Verify unexpected update prompts through a separate, trusted channel.\\n * Keep your operating system and software up to date.\\n * Use an up-to-date, real-time anti-malware solution. Malwarebytes for Windows now includes Privacy Controls that alert you to any remote-access tools it finds on your desktop.\\n * Learn how to spot social engineering tricks used to push malicious downloads.\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-12-03T14:12:59″,”modified”:”2025-12-03T14:12:59″,”type”:”malwarebytes”,”title”:”How attackers use real IT tools to take over your computer”,”source”:””,”references”:””,”id”:”MALWAREBYTES:D2039DAC00269602E96DC678EC9683FD”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/how-attackers-use-real-it-tools-to-take-over-your-computer”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-03T16:07:05″,”description”:”A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-28465","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n