Calipology / SystemAutoUpdater - Trojanized RustDesk via Signed MSTeams Installer.
WHITE PetrP.73 2026-04-26 Modified: 2026-05-26
15 IOCs | MEDIUM VOLUME
A recent investigation has revealed that a trojanized Microsoft Teams installer, named MSTeamsSetup.exe, is being used to distribute a malicious version of the RustDesk remote access client. The executable masquerades as legitimate software and is signed with a fraudulent certificate issued to Zlatin Stamatov by Certum. The command-and-control (C2) domain associated with this operation, http://mon.systemautoupdater.com, resolves to 23.27.141.44, an IP address hosted by EvoXT, a provider linked to previous cybercrime activities involving the GeorgeGinx/Striker investigation. The fraudulent certificate suggests possible identity deception linked to a legitimate UK brake caliper refurbishment business, http://calipology.co.uk.
Indicators of Compromise (3 / 15 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 0f971773c38e4b32acb121855151baa4 | | 2026-04-26
FileHash-MD5 | 6d5e13c0269946a5a10390c178d8e9a5 | | 2026-04-26
FileHash-MD5 | ff8505309831284bff66a1cfd5049dac | MD5 of 93aa31051cd1bac3bb2ffddb71f93330dcab9d89 | 2026-04-26