RAT Race: Cybercriminals Hijack Trusted Tools for Sneaky Attacks in 2025

Cybercriminals are turning legitimate remote access tools into their own personal welcome mats. Cofense Intelligence reports that these tools, intended for IT professionals, are now a hacker favorite. ConnectWise ScreenConnect is leading the charge, showing up in 56% of attacks. Remember: just because a tool has a suit and tie, doesn’t mean it’s not up to no good!

3P
Published: May 23, 2025 7:53 pmAdded: May 23, 2025 at 1:06 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Well, looks like cybercriminals have taken the old adage “if you can’t beat ’em, join ’em” to heart. Instead of crafting new tools, they’ve decided to just borrow the ones we already trust. It’s like borrowing your neighbor’s lawnmower, except instead of trimming the hedges, they’re trimming down your company’s security.

Key Points:

  • Cybercriminals are increasingly using legitimate Remote Access Tools (RATs) for attacks.
  • These tools are designed for lawful purposes, making them harder to detect.
  • ConnectWise ScreenConnect is the most commonly abused RAT, with 56% of attacks in 2024.
  • Attackers use methods like spoofing emails to trick victims into installing RATs.
  • RAT campaigns are often one-off events, posing ongoing challenges for cybersecurity.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?