{"id":16400,"date":"2026-06-16T15:22:30","date_gmt":"2026-06-16T12:22:30","guid":{"rendered":"https:\/\/investn24.com\/?p=16400"},"modified":"2026-06-16T15:22:30","modified_gmt":"2026-06-16T12:22:30","slug":"hp-research-who-has-the-remote-attackers-are-turning-legitimate-remote-access-tools-into-backdoors","status":"publish","type":"post","link":"https:\/\/investn24.com\/?p=16400","title":{"rendered":"HP Research: Who Has the Remote? Attackers Are Turning Legitimate Remote Access Tools Into Backdoors"},"content":{"rendered":"<p><em>HP threat researchers found attackers using tax year-end phishing lures, fake dating app downloads, bogus crypto wallet recovery tools and spoofed audio files to take over people\u2019s PCs.<\/em><\/p>\n<p><strong>Riyadh, Saudi Arabia, 15 June 2026 \u2013 <\/strong>HP Inc. (NYSE: HPQ) today issued its latest <a href=\"https:\/\/threatresearch.ext.hp.com\/hp-wolf-security-threat-insights-report-june-2026\/\">Threat Insights Report<\/a>, which shows attackers using trusted software, disguised malware and increasingly believable lures to gain access to user devices. The research highlights a growing challenge for both users and defenders as malicious activity becomes harder to distinguish from legitimate behavior.<\/p>\n<p>The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security*, notable campaigns identified by HP Wolf Security threat researchers include:<\/p>\n<ul>\n<li><strong>Legitimate Remote Access Tools Abused for Backdoor Access:<\/strong> Cybercriminals are abusing applications like LogMeIn and ScreenConnect to take control of victim devices without raising suspicion. 
Campaigns used tax year-end phishing emails and fake desktop app downloads \u2013 including dating websites \u2013 to persuade users to install legitimate remote access tools. These tools are controlled by the attackers and help them blend in with normal IT activity, giving them total control over user devices.<\/li>\n<\/ul>\n<ul>\n<li><strong>Attackers Preying On Desperate Users Trying to Recover Lost Crypto Wallets:<\/strong> Fake crypto wallet recovery tools are being spread by attackers who claim to be helping users locate lost wallets but instead steal them. Often shared via code-sharing platforms and media download sites, the emoji-filled infostealer scripts appear to be \u201cvibe-coded\u201d and are capable of harvesting credentials, wallet data and system data before packaging them into archive files for exfiltration.<\/li>\n<\/ul>\n<ul>\n<li><strong>ClickFix Campaigns Hide Malware in \u2018Audio\u2019 Files:<\/strong> Attackers behind recent ClickFix campaigns are disguising malware as audio files to evade detection. Victims are guided through realistic CAPTCHA prompts on well-designed fake websites, triggering malicious commands that quietly execute disguised payloads in the background.<\/li>\n<\/ul>\n<p>Patrick Schl\u00e4pfer, Principal Threat Researcher, HP Security Lab, comments: \u201cWhat stands out in these campaigns is how easily legitimate remote access tools are being turned into entry points for attackers. By combining trusted software with carefully designed social engineering \u2013 tied to events like the end of the tax year \u2013 it\u2019s getting even harder to distinguish what can and can\u2019t be trusted.\u201d<\/p>\n<p>By isolating threats that have evaded detection tools on PCs \u2013 but still allowing malware to detonate safely inside secure containers \u2013 HP Wolf Security has insight into the latest techniques used by cybercriminals. 
To date, HP Wolf Security customers have clicked on over 60 billion email attachments, web pages, and downloaded files with no reported breaches.<\/p>\n<p>The report, which examines data from January-March 2026, details how cybercriminals continue to diversify attack methods to bypass security tools, revealing that:<\/p>\n<ul>\n<li>At least 11% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.<\/li>\n<li>Executable files were the most popular malware delivery type (39%), followed by archive files (38%) and PDF documents (10%).\n<ul>\n<li>PDF-based malware increased 2%, with attackers using a wide range of lures such as court documents and bonus payments to create urgency and drive clicks.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Alex Holland, Principal Threat Researcher, HP Security Lab, comments: \u201cThese attacks don\u2019t look like break-ins \u2013 they look like business as usual, blending in with normal IT activity and avoiding the warning signs associated with malware. To secure the future of work and reduce risk, organizations should restrict unnecessary privileges, control software installation, and isolate risky activity such as downloads and unknown links. Detection alone is not enough when legitimate tools are being turned into backdoors.\u201d<\/p>\n<p>Please visit the HP <a href=\"https:\/\/threatresearch.ext.hp.com\/hp-wolf-security-threat-insights-report-june-2026\/\">Threat Research blog<\/a> to view the report.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HP threat researchers found attackers using tax year-end phishing lures, fake dating app downloads, bogus crypto wallet recovery tools and spoofed audio files to take over people\u2019s PCs. Riyadh, Saudi Arabia, 15 June 2026 \u2013 HP Inc. 
(NYSE: HPQ) today issued its latest Threat Insights Report, which shows attackers using trusted<\/p>\n","protected":false},"author":10,"featured_media":16401,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-16400","post","type-post","status-publish","format-standard","has-post-thumbnail","category-english-news"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/posts\/16400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/investn24.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16400"}],"version-history":[{"count":1,"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/posts\/16400\/revisions"}],"predecessor-version":[{"id":16402,"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/posts\/16400\/revisions\/16402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/investn24.com\/index.php?rest_route=\/wp\/v2\/media\/16401"}],"wp:attachment":[{"href":"https:\/\/investn24.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/investn24.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/investn24.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}