Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures

Netskope Threat Labs is tracking active phishing campaigns that use fake video conference invites and "mandatory" update prompts to trick users into installing digitally signed RMM tools (Datto RMM, LogMeIn, ScreenConnect). By leveraging legitimate, signed remote monitoring and management agents, attackers gain persistent administrative access to endpoints, enabling sensitive data exfiltration, lateral movement, and large-scale malware or ransomware deployment across corporate environments.