ConnectWise Conundrum: Malware Mischief Unleashed by Authenticode Stuffing Shenanigans!

G Data warns that threat actors are using Authenticode stuffing to sneakily insert malware into ConnectWise applications. The modified software even masquerades as an AI-to-image converter, fakes Windows updates, and leaves users wondering if their computer’s become sentient or just really, really sneaky.

Hot Take:

It looks like ConnectWise’s ‘open door’ policy has extended to cybercriminals, practically inviting them over for a malware tea party! Who knew the key to evil genius was simply stuffing a little code in the right places? Talk about a magic trick gone wrong—now you see malware, now you don’t! Maybe next, they’ll market it as the Houdini edition.

Key Points:

  • Cyber baddies are exploiting ConnectWise’s remote access apps to deploy malware.
  • G Data unearthed the use of Authenticode stuffing to bypass security checks.
  • The trick? Hide malware in the certificate table and keep that digital signature looking legit.
  • Since March 2025, there’s been a rise in these sneaky tactics via ConnectWise.
  • ConnectWise revoked the signature of affected samples after being alerted.
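
Authenticode's file hash does not cover the PE certificate table, which is why bytes placed there leave the signature looking valid. The Python sketch below is an added example, not code from G Data or ConnectWise: it walks the certificate table and reports bytes that follow the DER signature blob in each entry. `build_sample` and its contents are constructed test data, not a real signed file.

```python
import struct

def der_total_len(blob: bytes) -> int:
    """Size (header + content) of the outermost DER SEQUENCE in blob."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    if blob[1] < 0x80:                        # short-form length
        return 2 + blob[1]
    n = blob[1] & 0x7F                        # long form: n length bytes follow
    if n == 0 or len(blob) < 2 + n:
        raise ValueError("unsupported DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def cert_table_report(pe: bytes) -> list:
    """One record per WIN_CERTIFICATE entry in a PE file's certificate table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                       # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]   # PE32 / PE32+ data directories
    # Directory 4 is the certificate table; its address is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    out, pos, end = [], off, min(off + size, len(pe))
    while off and pos + 8 <= end:
        dw_len, _rev, ctype = struct.unpack_from("<IHH", pe, pos)
        if dw_len < 8:
            break
        blob = pe[pos + 8:pos + dw_len]
        der = der_total_len(blob)
        tail = blob[der:]
        out.append({"offset": pos, "type": ctype, "der_len": der,
                    "trailing": len(blob) - der,
                    # Up to 7 zero bytes of alignment padding is normal.
                    "suspicious": der > len(blob) or len(tail) > 7 or any(tail)})
        pos += (dw_len + 7) & ~7              # entries are 8-byte aligned
    return out

def build_sample(extra: bytes = b"") -> bytes:
    """Constructed minimal PE32+ headers plus one entry; not a real signed file."""
    der = b"\x30\x03\x02\x01\x01" + extra     # stand-in DER, then appended bytes
    cert = struct.pack("<IHH", 8 + len(der), 0x0200, 0x0002) + der
    cert += bytes(-len(cert) % 8)
    dirs = bytearray(128)
    struct.pack_into("<II", dirs, 32, 328, len(cert))
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + bytes(20)
    return hdr + struct.pack("<H", 0x20B) + bytes(110) + bytes(dirs) + cert
```

Trailing bytes are only one indicator: data carried inside the signature structure itself is not counted here, so an unusually large `der_len` also deserves a look.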
