Attackers Weaponize RMM Tools via Zoom, Meet, & Teams Lures
Essential information
- Published
- 13/02/2026 09:23
- Modified
- 13/02/2026 12:54
- Tags
- 2026-02-13 datto rmm phishing remote monitoring tools social engineering
- Related entities
- 12 observables, 9 techniques (mitre), 3 malware, 2 others
Description
Netskope Threat Labs has identified multiple phishing campaigns exploiting video conference invitations from Zoom, Microsoft Teams, and Google Meet. The attackers use fake meeting invites to trick users into downloading malicious payloads disguised as software updates. These payloads are actually legitimate, digitally signed remote monitoring and management (RMM) tools like Datto RMM, LogMeIn, or ScreenConnect. By leveraging these tools, attackers gain administrative remote access to victims' machines, potentially leading to data theft or further malware deployment. The campaigns use convincing phishing pages that mimic legitimate video conferencing platforms, exploiting users' urgency to join scheduled calls. This sophisticated approach allows attackers to bypass traditional security measures and establish a persistent foothold in corporate networks.