Kickidler employee monitoring software abused in ransomware attacks

Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. In attacks observed by cybersecurity companies Varonis and Synacktiv, Qilin and Hunters International ransomware affiliates installed Kickidler, an employee monitoring tool that can capture keystrokes, take screenshots, and create videos of the screen. Kickidler's developer says the tool is used by over 5,000 organizations from 60 countries and provides visual monitoring and data loss prevention features. The attacks started with the threat actors taking out Google Ads displayed when people searched for RVTools, a free Windows utility for managing VMware vSphere deployments. Clicking on the advertisement led to a fake RVTools site (rv-tool[.]net), promoting a trojanized program version. The program is a malware loader that downloads and runs the SMOKEDHAM PowerShell .NET backdoor, which was ... Read full article.