Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature.

The latest news about Authenticode StuffingHackers turn ScreenConnect into malware using Authenticode stuffing Threat actors are abusing the ConnectWise ScreenConnect installer to build signed ...

I also noticed that various dependencies (like modelcontextprotocol.dll) aren't Authenticode signed either, but I'm not sure what the expectations are around that.

Contribute to ME3Tweaks/AuthenticodeExaminer development by creating an account on GitHub.