Fileless Fiasco: AsyncRAT Strikes Again with ScreenConnect Shenanigans

LevelBlue Labs reveals a cyber caper where attackers used fileless methods to deliver AsyncRAT, stealing credentials and evading detection like a sneaky magician. The attack involved a compromised ScreenConnect client and a VBScript, proving once again that cybercriminals have more tricks than a circus clown.


Hot Take:

Looks like AsyncRAT has been hitting the gym because it’s now so stealthy, it’s practically a ninja. Using fileless loaders and compromised tools, attackers are making sure your data is on a one-way trip to their servers. It’s like they’re running a cyber version of Ocean’s Eleven, only they’re not robbing casinos, they’re swiping your credentials and browser data. Forget firewalls, sounds like we need a cybersecurity equivalent of a restraining order!

Key Points:

– Attackers gained access via a compromised ScreenConnect client.
– They used a fileless loader to deliver the AsyncRAT Trojan.
– The attack employed a VBScript and PowerShell commands for payload delivery.
– AsyncRAT was used for credential theft and data exfiltration.
– Fileless methods were used to bypass traditional detection tools.

The Nimble Nerd