Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT.

Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites.

These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.