The Fortra Intelligence and Research Experts (FIRE) team is tracking an active phishing campaign distributing a Remote Access Trojan (RAT) that abuses Datto’s remote monitoring and management (RMM) platform, CentraStage, a legitimate enterprise IT management platform, as its command-and-control channel.
The malware is delivered via social engineering emails using lures such as fake Adobe installers, medical documents, and corporate invoices. Once installed, the attacker gains full interactive control of the compromised system, including screen viewing, keyboard and mouse control, file transfer, and command execution.
The full report can be found here.
