- Microsoft warns of phishing campaigns using fake conferencing tools
- Malware hidden using valid digital certificates
- Targeting businesses at scale with persistent backdoor risk
Microsoft is warning of a new phishing campaign aimed at deploying persistent backdoors on victims’ computers.
In an in-depth new analysis, the company’s researchers said they recently spotted several phishing campaigns, currently not attributed to known bad actors, that send emails containing weaponized PDF files (financial documents, invoices), fake meeting invitations or organizational notifications.
Using these files, attackers try to trick recipients into downloading fake video conferencing tools. Files with names like msteams.exe, trustconnectagent.exe and zoomworkspace.clientsetup.exe are distributed and, to make matters worse, are digitally signed using an extended validation certificate issued to TrustConnect Software PTY LTD.
What is TrustConnect?
In other words, the malware looked like legitimate, trustworthy software because it was signed with a certificate that normally proves the identity of a real company. As such, it passed through most antimalware solutions without raising any alarms.
This isn’t the first time we’ve heard about TrustConnect. In late February 2026, researchers reported finding a company by that name that by all accounts appeared legitimate, sporting a valid certificate (which costs thousands of dollars), a working RMM product, and a professional-looking website.
However, it was an elaborate plan to infect the company’s computers with a Remote Access Trojan (RAT). Ironically, the victims also had to pay $300 to purchase a license for the RMM.
When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for: a regular (but unverified) remote management tool such as ScreenConnect, Tactical RMM, MeshAgent, and others.
The campaign does not appear to target any specific company or sector. Microsoft describes it instead as a large phishing campaign targeting professional users. We don’t know how many of these emails were sent or how many businesses were compromised.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
