Hello to all our Cyber Pals! Host Selena Larson and co-host, Tim Kromphardt, chat with Tommy Madjar, Senior Threat Researcher from Proofpoint, to unpack one of the strangest malware investigations of the year: TrustConnect RAT.
What started as a seemingly legitimate remote management tool quickly unraveled into a bizarre, fast-evolving ecosystem of “vibe-coded” malware. TrustConnect masqueraded as a polished RMM platform—complete with fake testimonials, inflated customer counts, and even an extended validation (EV) code-signing certificate to appear trustworthy. But beneath the surface? Sloppy AI-generated web panels, exposed administrative pages, and a backend that literally labeled infected machines as “victims.”
Tommy walks through how the team discovered the malware, why attackers are increasingly building their own fake RMM platforms instead of abusing legitimate ones, and how the use of EV certificates helped the malware evade detection across security tools.
The conversation also dives into:
The explosion of legitimate RMM abuse in cybercrime
How AI-assisted “vibe coding” is lowering the barrier to entry for malware development
The surprising operational security failures that exposed both the malware author and their customers
Connections to past crimeware activity and possible ties to known actors
The rapid evolution of the “Connect” malware family, including newly spotted variants
How Proofpoint disrupted the operation by working with partners to revoke certificates and take down infrastructure
Along the way, the team explores a broader theme: what happens when threat actors move fast with AI—but don’t fully understand security fundamentals?
Podden och tillhörande omslagsbild på den här sidan tillhör
Proofpoint. Innehållet i podden är skapat av Proofpoint och inte av,
eller tillsammans med, Poddtoppen.