AnonymousMedia.org

Category: Uncategorized

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Ravie LakshmananJan 23, 2026Email Security / Endpoint Security

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts.

“Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust,” KnowBe4 Threat Labs researchers Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke said. “By stealing a ‘skeleton key’ to the system, they turn legitimate Remote Monitoring and Management (RMM) software into a persistent backdoor.”

The attack unfolds in two distinct waves, where the threat actors leverage fake invitation notifications to steal victim credentials, and then leverage those pilfered credentials to deploy RMM tools to establish persistent access.

The bogus emails are disguised as an invitation from a legitimate platform called Greenvelope, and aim to trick recipients into clicking on a phishing URL that’s designed to harvest their Microsoft Outlook, Yahoo!, AOL.com login information. Once this information is obtained, the attack moves to the next phase.

Specifically, this involves the threat actor registering with LogMeIn using the compromised email to generate RMM access tokens, which are then deployed in a follow-on attack through an executable named “GreenVelopeCard.exe” to establish persistent remote access to victim systems.

The binary, signed with a valid certificate, contains a JSON configuration that acts as a conduit to silently install LogMeIn Resolve (formerly GoTo Resolve) and connect to an attacker-controlled URL without the victim’s knowledge.

With the RMM tool now deployed, the threat actors weaponize the remote access to alter its service settings so that it runs with unrestricted access on Windows. The attack also establishes hidden scheduled tasks to automatically launch the RMM program even if it’s manually terminated by the user.

To counter the threat, it’s advised that organizations monitor for unauthorized RMM installations and usage patterns.

Source link

01/25/2026
Unpicking the second Minneapolis shooting frame by frame

Bystander video footage has captured the moments before the killing of 37-year-old Minneapolis man Alex Pretti by federal immigration officers.

The killing comes less than three weeks after Renee Good was shot dead by an immigration agent in the city.

BBC Verify has analysed footage of the shooting from multiple angles, piecing together a detailed picture of what happened.

Ros Atkins’ report contains distressing images.

Verification by Emma Pengelly, Paul Brown and Benedict Garman. Graphics by Mesut Ersoz. Video produced by Tom Joyner.

Source link

01/25/2026
Kenya’s ex-deputy president Rigathi Gachagua alleges assassination attempt in church attack

Alfred Lasteck,BBC Africaand

Lucy Fleming

AFP/Getty Images

Rigathi Gachagu is a wealthy businessman popular in his home region of Mount Kenya

Prominent Kenyan opposition figure Rigathi Gachagua has alleged there was an attempt on his life during a Sunday church service.

Gachagua, who was sacked as deputy president in an impeachment trial in 2024, claimed a gang of rogue police officers had attacked the church in Othaya in the central county of Nyeri, using bullets and tear gas.

Without providing evidence, he accused his former ally President William Ruto of ordering the attack. Ruto has not commented but Interior Minister Kipchumba Murkomen condemned the violence, calling it unacceptable.

The police said an investigation had been launched, adding that no injuries had been reported.

Reports to the police indicated that a tear-gas canister had been thrown inside St Peters Anglican Church at 11:00 local time (08:00 GMT) disrupting the service.

Several vehicles were reportedly damaged within the church compound, the police added, appealing for witnesses.

Gachagua, a wealthy businessman from the central Mount Kenya area and now a vocal critic of the president, said he was escorted to safety by his security team.

He had posted photos of the incident on X and later held a news conference where he dismissed suggestions from pro-government bloggers that the attack had been stage-managed.

“Where can we get access to tear gas?… Where do we get access to AK-47 assault rifles?” the Democracy for the Citizens Party leader asked.

@rigathi

Rigathi Gachagua posted photos on X showing the chaos at the church compound

Murkomen said the police chief had promised him that the attackers would be brought to justice.

“Violence anywhere, and least of all in a place of worship, is unacceptable,” the interior minister said in a post on X.

“The police must move without fear or favour and deal decisively with the sponsors and perpetrators of this act without regard to their status in society or political affiliation.”

According to Kenya’s constitution, Gachagua’s conviction by the senate means he cannot hold public office again.

He had pleaded not guilty to 11 charges of which he was found guilty of five, including inciting ethnic divisions and violating his oath of office.

However the politician, popularly known as Riggy G, maintains he will be on the presidential ballot next year as he is appealing and the Supreme Court has not ruled on his impeachment.

Ruto and Gachagua were elected on a joint ticket in 2022 – and the partnership helped Ruto win by marshalling support in Mount Kenya, the heartland of the Kikuyu people who are the largest voting bloc in Kenya.

You may also be interested in:

Getty Images/BBC

Source link

01/25/2026