- Microsoft warns of phishing campaigns with fake conferencing tools
- Malware disguised using valid digital certificates
- Broad enterprise targeting with persistent backdoor risk
Microsoft is warning of a new phishing campaign that aims to install persistent backdoors onto victim computers.
In a new in-depth analysis, the company’s researchers said they have recently seen several phishing campaigns, currently not attributed to any known threat actors, sending emails with weaponized PDF files (financial documents, invoices), fake meeting invitations or organizational messages.
Through these files, the attackers try to trick the recipients into downloading fake video conferencing tools. Files with names like msteams.exe, trustconnectagent.exe and zoomworkspace.clientsetup.exe are distributed and to make matters worse are digitally signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD.
What is TrustConnect?
In other words, the malware looked like legitimate, trusted software because it was signed with a certificate that usually proves the identity of a real company. As such, it passed most antimalware solutions without triggering any alerts.
This is not the first time we have heard about TrustConnect. In late February 2026, researchers reported finding a company with that name that appeared to be legitimate, with a valid certificate (costing thousands), a working RMM product, and a professional-looking website.
However, it was all a complicated plan to infect corporate computers with a Remote Access Trojan (RAT). Ironically, the victims were also charged $300 to purchase a license for RMM.
When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for – a common (but unmonitored) remote management tool such as ScreenConnect, Tactical RMM, MeshAgent, and others.
The campaign does not appear to be targeting a specific company or industry, but Microsoft instead describes it as a broad phishing campaign aimed at business users. We do not know how many of these emails were sent or how many companies were compromised as a result.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
