Threat Actors Market Undetectable RAT as “ScreenConnect FUD Alternative”

Quick Takeaways

1. A threat actor is selling a fully undetectable Remote Access Trojan (RAT) on underground forums, claiming it can bypass modern security defenses and evade detection during analysis.
2. The malware is bundled with a valid Extended Validation (EV) certificate, making it appear trustworthy to browsers and users, and includes anti-bot and cloaking features to evade automated security tools.
3. It offers real-time visual control, data exfiltration, and uses fileless PowerShell techniques to remain hidden, serving as a stealthy "FUD loader" for initial access and secondary payload deployment.
4. The seller promotes professional delivery within 24 hours, highlighting the increasing sophistication and operational readiness of cybercrime tools designed to exploit trust and evade detection.

The Core Issue

A malicious actor has begun advertising a sophisticated Remote Access Trojan (RAT) on underground forums, claiming it to be completely undetectable (FUD) and an advanced alternative to legitimate tools like ScreenConnect. The malware boasts features designed to bypass modern security measures, including the ability to evade detection during static and runtime analysis, and to circumvent warnings from browsers like Google Chrome and security systems like Windows SmartScreen. To achieve this, the attacker bundles the RAT with a valid Extended Validation (EV) certificate, creating a convincing facade that tricks victims into trusting malicious downloads, exemplified by a fake Adobe Acrobat Reader page. It employs stealth techniques such as antibot mechanisms, cloaked landing pages, and a fileless PowerShell-loading method to hide from conventional antivirus solutions. The attacker claims the tool offers real-time control over infected machines, facilitating activities like data theft and system manipulation, with the primary goal of establishing an undetectable foothold for deploying secondary malware payloads such as ransomware or spyware—all promoted as a professional, ready-to-deploy service on underground platforms. The report of this activity is coming from cybersecurity researchers monitoring illicit forums and threat intelligence sources, warning of the increasing prevalence of highly advanced and easily accessible cybercriminal tools.

Critical Concerns

A cybercriminal has introduced a highly sophisticated Remote Access Trojan (RAT) into underground markets, promising near-total undetectability by claiming it evades both static and runtime security analyses, including antivirus and sandbox defenses. This RAT employs advanced evasion techniques such as bundling with a valid Extended Validation (EV) certificate to mimic legitimate software and deceive security warnings in browsers and operating systems like Windows SmartScreen, thereby amplifying its credibility and success rate. Its ability to cloak malicious activity through antibot measures, cloaked landing pages, and fileless PowerShell commands enables persistent stealth, facilitating real-time control and data exfiltration of compromised systems via a remote viewer. This tool’s deployment as a “FUD loader” signals an alarming trend in cybercrime: the shift toward highly customizable, turnkey malware capable of bypassing modern security measures, escalating the threat landscape by making initial breaches more covert and effective, ultimately enabling a range of downstream malicious activities such as ransomware deployment or espionage.

Possible Remediation Steps

When threat actors market new, undetectable Remote Access Trojans (RATs) as alternatives to ScreenConnect FUD (Fully Undetectable) tools, prompt and effective remediation becomes essential. Such advances in malicious tools can bypass traditional defenses, enabling persistent and stealthy attacks that can lead to severe data breaches, financial losses, and compromised systems if not quickly addressed.

Mitigation Strategies

• Enhanced Detection: Deploy advanced endpoint detection and response (EDR) solutions capable of identifying unusual behaviors linked to stealthy RATs.
• Threat Intelligence: Regularly update threat intelligence feeds to recognize new RAT signatures and tactics used by actors promoting these tools.
• Network Segmentation: Isolate critical systems to prevent lateral movement if a RAT gains initial access.
• User Training: Educate staff about phishing and social engineering techniques often used to install such malware.
• Firewall Rules: Tighten outbound and inbound firewall policies to block unauthorized remote connections.

Remediation Steps

• Immediate Quarantine: Quickly isolate infected devices to halt the spread and prevent further malicious communication.
• System Cleanup: Use specialized malware removal tools to thoroughly purge the RAT from affected systems.
• Patch and Update: Apply the latest security patches to close vulnerabilities that could be exploited by new RAT variants.
• Password Reset: Change credentials and enable multi-factor authentication to mitigate unauthorized access risks.
• Incident Analysis: Conduct a comprehensive investigation to understand the scope, method of infection, and potential data exfiltration, guiding future defenses.

Explore More Security Insights

Discover cutting-edge developments in Emerging Tech and industry Insights.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1