Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools

ANY.RUN reports a phishing-to-remote-access campaign where a fake Word Online preview lures victims to download an MSI that is silently executed (Ninite), installs ScreenConnect remote access, and uses HideUL to conceal activity—creating an enterprise blind spot as trusted tools mask an active intrusion and delay prioritization and response.