← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Threat Actors abuse signed ConnectWise application as malware builder
Since March 2025, there has been a notable rise in malware infections utilizing validly signed ConnectWise software, indicative of bad signing practices exploited by threat actors. This trend is linked to a resurgence of abuse surrounding two vulnerabilities identified in February 2024, specifically CVE-2024-1708 and CVE-2024-1709. The current wave of malicious activities is attributable to a new strain of malware, termed "EvilConwi", which leverages these valid signatures to distribute fraudulent applications. Victims often report infections originating from phishing emails that lead to fake pages masquerading as legitimate applications. For instance, one prevalent scenario involved a user clicking on a OneDrive link that redirected them to a Canva page hiding a malicious ConnectWise installer within a download. Reports indicate that users experience symptoms such as their mouse moving erratically and fake Windows Update prompts during active remote connections, signaling a compromise.
Indicators of Compromise (19 / 74 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 0463fa0bb62c53ef3c8f6a2a7e3ff0d0 | MD5 of cb8a1a1e90c29461b0503e2c5deac7b673617477128ee3baea4d8134676c8af4 | 2025-06-29 | |
| FileHash-MD5 | 04c6a61db7897c883ed8c41db3aaaa2b | MD5 of d6844a6050d5f6c20a3fe12df28e53a2e46559e6c5017576022372e35ab44ff5 | 2025-06-29 | |
| FileHash-MD5 | 0e15d8e521480f967afc9b3e0e4f565a | MD5 of 41037935246da6f43615d93912bc62811c795ea4082a2bfdbf3eda53a012666e | 2025-06-29 | |
| FileHash-MD5 | 105fc1d09518cbf85dd0942febbf04bc | MD5 of 573f1eefac3079790a9ab40bdd3530ce34b1d2d1c6fa6703a5a8d81cb190a458 | 2025-06-29 | |
| FileHash-MD5 | 5370f6f24eaae4629226bcc09a79a82d | MD5 of 55a228f22f68b8a22967cc5b8b2fcbea66fcaf77bebedfb1f89cd134a0268653 | 2025-06-29 | |
| FileHash-MD5 | 55ec340886473f2c6e3e2f88fc7a3601 | MD5 of 1fc7f1ef95f064b6c6f79fd1a3445902b7d592d4ff9989175b7caae66dd4aa50 | 2025-06-29 | |
| FileHash-MD5 | 6d3cb1888170c60dad26ff23cdf03cf3 | MD5 of 72fe38ad67a26cfd89d1bfc744d33f80277e8eb564b5b92fdac46a9a24d845f3 | 2025-06-29 | |
| FileHash-MD5 | 7787024c736b43a6341c7c0a08fed67d | MD5 of c0c48de11bc4b70fb546b9a76b6126a355c0a0f4b45ed6b6564d8f3146c9f0af | 2025-06-29 | |
| FileHash-MD5 | 7ff3a5a0a2f240f1b14c78eeb50c6303 | MD5 of 98e3f74b733d4d44bec7b1bf29f7b0e83299350143ff1e05f0459571cb49c238 | 2025-06-29 | |
| FileHash-MD5 | 88cb3330f355639da0da85f8de3e8e61 | MD5 of 5ccc9ef3e8f7113469f4a46c3aca3939fd53b3561a9fd8ffacd531aa520c5921 | 2025-06-29 | |
| FileHash-MD5 | 911525671c9fd23005a07459b729b754 | MD5 of 67b909bbcce486baba59d66e3b4ec4c74dd64782051a41198085a5b3450d00c9 | 2025-06-29 | |
| FileHash-MD5 | 92c3cfc9f25013c5d8f2212fcc04c887 | MD5 of 540c9ae519ed2e7738f6d5b88b29fb7a86ebfce67914691ce17be62a9b228e0a | 2025-06-29 | |
| FileHash-MD5 | 9565d3f701436c3eac8b319e8e60f85f | MD5 of b1c36552556a69ec4264d54be929e458c985b83bbc42fe09714c6dce825ac9a7 | 2025-06-29 | |
| FileHash-MD5 | adfdd242fce1477a7e94e48eb502368c | MD5 of 7180238578817d3d62fd01fe4e52d532c8b3d2c25509b5d23cdabeb3a37318fc | 2025-06-29 | |
| FileHash-MD5 | b8b4072f727ff5439dfd5b6d137996c5 | MD5 of 6bce39b7d7552dbacbb4bdf06b76b4fed3fbb9fe4042b81be12fbdff92b8d95c | 2025-06-29 | |
| FileHash-MD5 | cc7d6afa15a06b1c74cd510a32a590a5 | MD5 of 8fc8727b6ddb28f76e46a0113400c541fb15581d2210814018b061bb250cc0e6 | 2025-06-29 | |
| FileHash-MD5 | cd284604ee21d1d9ede8d028c753f2a5 | MD5 of 28f46446d711208aa7686cdaea60d3a31e2b37b08db7cfb0ce350fcd357a0236 | 2025-06-29 | |
| FileHash-MD5 | dcf7aef6177e82202d4a9db07392b622 | MD5 of 6d9442ae6ba5a9f34a47e234b6047f61d8ac129e269199793ebb0bed1ad7e3ba | 2025-06-29 | |
| FileHash-MD5 | f729d82c4d34ce7c1c8e821294900ac0 | MD5 of 277ef6c0dcaf0e76291fbde0199dda1ca521c03e77dc56c54f5b9af8508e6029 | 2025-06-29 |