Threats Tagged 'silentconnect'
View all threats tagged with 'silentconnect'. Filter and sort to focus on specific types of threats.
From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect

A newly discovered loader called SILENTCONNECT is being used in active campaigns to silently install ScreenConnect, a remote monitoring and management tool, on victim machines. The infection chain begins with users being redirected to a Cloudflare Turnstile CAPTCHA page disguised as a digital invitation. Upon clicking, a VBScript file is downloaded, which retrieves and executes C# source code in memory using PowerShell. SILENTCONNECT employs various evasion techniques, including PEB masquerading and UAC bypass. The campaigns leverage trusted hosting providers like Google Drive and Cloudflare, and abuse living-off-the-land binaries. The loader has been active since March 2025 and poses a significant threat due to its stealthy nature and effectiveness.

AlienVault OTX General | 03/19/2026, 11:00:49 UTC | Added: 03/19/2026, 13:38:59 UTC