RMM Tools Fuel Stealthy Phishing Campaign
ID: 839a51c2-e6d7-5669-b28e-9814c75df9e7
STIX ID: report--839a51c2-e6d7-5669-b28e-9814c75df9e7
Feed Name: Dark Reading
VENOMOUS#HELPER is an active, targeted phishing campaign that lures victims with fake Social Security Administration statements to deploy malicious executables that install two legitimately signed RMM tools (SimpleHelp and ScreenConnect). Attackers use SimpleHelp for scripted/background monitoring and ScreenConnect for interactive control, enabling stealthy persistence and hands-on access. The operation has impacted more than 80 organizations across multiple regions and is assessed as likely financially motivated (initial access broker (IAB) activity or a ransomware precursor).
