Threat Actors Deploy Tiflux RMM For Persistent Remote Access
Threat actors are abusing the legitimate Tiflux RMM tool to establish persistence inside victims’ systems.
Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT assets, tickets, teams, and remote monitoring.
As reported by Huntress, the campaign is using Tiflux RMM as part of phishing attacks that deploy fake documents followed by remote access tools like Splashtop, UltraVNC, and ScreenConnect.
This campaign is one of many in which attackers have turned to legitimate software to avoid detection.
Malspam and fake document lures
Huntress noted an increase in Tiflux incidents beginning at the end of February 2026, including one in which a phishing email carried a fake service agreement document.
Victims who fell prey to the phishing campaign were redirected via CAPTCHA-like websites set up by the attacker before downloading...
Copyright of this story solely belongs to informationsecuritybuzz.com.