A sneaky new phishing campaign targeting German speakers. Attackers are using fake voicemail notifications on 86 compromised websites to trick users into downloading a malicious BAT file.
This file installs Remotely RMM, a legitimate remote monitoring and management tool that has been hijacked for unauthorized access. First spotted on January 12, 2026, the tactic blends social engineering with technical deception to bypass user suspicion and defenses.
The campaign exploits everyday expectations. Victims land on pages mimicking routine voicemail alerts, complete with simple German text urging them to “listen to your new message.”
These pages look harmless no flashy graphics or urgent warnings just functional prompts that feel like a normal phone carrier notice. Clicking leads straight to malware execution, turning a quick check into a complete system compromise.
Censys researchers mapped the full infection flow, revealing a streamlined five-step process designed for high success rates.
This threat highlights the dual-use risk of RMM tools legit for IT but deadly in the wrong hands. Enterprises should block unknown RMM installs via app allowlisting (e.g., Windows AppLocker) and monitor for anomalous processes.
The simplicity is the genius: Voicemail feels urgent yet innocuous, evading email filters. As RMM abuse rises (seen in prior campaigns like MgBot), vigilance on cloud-hosted decoys and BAT droppers is key. Stay tuned for updates as Censys tracks variants.Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
Exclusive Cyber Security News platform that provide in-depth analysis about Cyber Attacks, Malware infection, Data breaches, Vulnerabilities, New researches & other Cyber stories.
Contact Us: cyber.press@outlook.com
© Copyright 2024 – Cyber Press
Hackers Use Voicemail To Gain Remote Access To Victim Systems – Cyber Press
Related Posts
fev 6, 2026
fev 6, 2026
fev 6, 2026
