- Microsoft warns of phishing campaigns using fake conferencing tools
- Malware disguised as valid digital certificates
- Broad business orientation with persistent backdoor risk
Microsoft is warning of a new phishing campaign aimed at deploying persistent backdoors on victims’ computers.
In a new in-depth analysis, the company’s researchers said they recently detected multiple phishing campaigns, currently not attributed to any known threat actors, sending emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational notifications.
Through these files, attackers try to trick recipients into downloading fake video conferencing tools. Files with names like msteams.exe, trustconnectagent.exe and zoomworkspace.clientsetup.exe are distributed and to make matters worse, they are digitally signed using an extended validation certificate issued to TrustConnect Software PTY LTD.
What is TrustConnect?
In other words, the malware looked like legitimate, trustworthy software because it was signed with a certificate that typically proves the identity of a real company. As such, it went through most anti-malware solutions without raising any alarms.
This isn’t the first time we’ve heard about TrustConnect. In late February 2026, researchers reported finding a company by that name that by all accounts appeared legitimate, with a valid certificate (costing thousands), a functional RMM product, and a professional-looking website.
However, it was all an elaborate plan to infect corporate computers with a Remote Access Trojan (RAT). Ironically, victims were also charged $300 to purchase a license for the RMM.
When victims download and run these files, they get the legitimate tool, but they also get something they didn’t ask for: a regular (but unvetted) remote management tool like ScreenConnect, Tactical RMM, MeshAgent, and others.
The campaign does not appear to be targeted at a specific company or industry. Instead, Microsoft describes it as a broad phishing campaign targeting business users. We don’t know how many of these emails were sent or how many companies were compromised as a result.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
