Since March 2025, threat actors have increasingly weaponized ConnectWise ScreenConnect installers — using trojanized, stripped-down ClickOnce runners and other delivery tricks to convert a trusted remote administration tool into a stealthy initial-access vector that drops multiple RATs and...