According to Kaspersky, the campaign uses websites impersonating the official download pages of popular free software, including OBS Studio, DNS Jumper, DS4Windows, Glary Utilities and Bandicam. More than 90 fraudulent domains have been identified across 10 languages, allowing the attackers to target users and organisations globally.
Kaspersky said the campaign was uncovered through its Managed Detection and Response service after investigators detected attackers distributing malicious installer archives through fake download sites that were promoted using search engine optimisation techniques.
Instead of installing legitimate software, victims unknowingly install a hidden instance of ScreenConnect, a remote administration tool that provides attackers with persistent access to infected devices. The attackers then deploy AsyncRAT, an open-source remote access trojan that can steal data and provide full control of compromised systems.
According to Kaspersky, registrations of domains linked to the campaign peaked in February 2026. The company said the same threat actor previously used fake software websites to distribute malware disguised as video games.
Denis Kulik, lead SOC analyst at Kaspersky, said the campaign posed a particular risk to businesses because remote administration tools are often trusted within corporate environments.
"The campaign targets both users downloading free utilities from the internet and corporate networks, where remote access tools are often allowlisted and granted elevated privileges. Its danger lies in its potential to facilitate large-scale credential theft and unauthorised access to systems, with the stolen data typically later resold on dark web forums," he said.
Kaspersky advised organisations to restrict software installations from untrusted sources, monitor for unauthorised remote administration services, filter outbound traffic to unknown domains and IP addresses, and verify the authenticity of software download websites.
The company also recommended that users download software only from reputable sources, enable multi-factor authentication where available and use endpoint security software to detect malicious downloads.
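One way to act on the advice to monitor for unauthorised remote administration services is sketched below as an added example; it is not code from Kaspersky or from the article. It scans service-installation records (Windows System event 7045) for ScreenConnect client services whose relay host is not on an approved list. The dictionary keys, host names, machine names and sample records are constructed, and it assumes the relay host appears as the `h=` parameter of the service command line.

```python
import re
from urllib.parse import parse_qs

# Assumption: relay host(s) of the organisation's own, approved ScreenConnect instance.
APPROVED_RELAYS = {"relay.corp.example"}
# ScreenConnect client services are named "ScreenConnect Client (<instance id>)".
SERVICE_NAME = re.compile(r"^ScreenConnect Client \(([0-9a-f]+)\)$", re.I)

# Constructed sample records shaped like event 7045 ("A service was installed").
SAMPLE_EVENTS = [
    {"event_id": 7045, "computer": "HELPDESK-01",
     "service_name": "ScreenConnect Client (1a2b3c4d5e6f7a8b)",
     "image_path": r'"C:\Program Files (x86)\ScreenConnect Client (1a2b3c4d5e6f7a8b)'
                   r'\ScreenConnect.ClientService.exe" "?e=Access&h=relay.corp.example&p=443"'},
    {"event_id": 7045, "computer": "WS-114",
     "service_name": "ScreenConnect Client (9f8e7d6c5b4a3921)",
     "image_path": r'"C:\ProgramData\sc\ScreenConnect.ClientService.exe" '
                   r'"?e=Access&h=relay.unknown.example&p=8041"'},
    {"event_id": 7045, "computer": "WS-114", "service_name": "Bonjour Service",
     "image_path": r'"C:\Program Files\Bonjour\mDNSResponder.exe"'},
]

def relay_host(image_path):
    """Return the relay host from the h= parameter, or None if it is absent."""
    _, sep, query = image_path.partition("?")
    if not sep:
        return None
    hosts = parse_qs(query.rstrip('"')).get("h")
    return hosts[0].lower() if hosts else None

def unauthorised_installs(events, approved=APPROVED_RELAYS):
    """List (computer, instance id, relay host) for unapproved ScreenConnect services."""
    findings = []
    for ev in events:
        if ev["event_id"] != 7045:
            continue  # only service-installation events are relevant
        match = SERVICE_NAME.match(ev["service_name"])
        if not match:
            continue  # some other service
        host = relay_host(ev["image_path"])
        # A missing relay host is treated as unapproved rather than ignored.
        if host not in approved:
            findings.append((ev["computer"], match.group(1).lower(), host))
    return findings

if __name__ == "__main__":
    for computer, instance, host in unauthorised_installs(SAMPLE_EVENTS):
        print(f"{computer}: ScreenConnect instance {instance} -> relay {host}")
```

Matching on the relay host rather than on the tool name alone is what lets this work in environments where ScreenConnect itself is allowlisted.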