Sujith Quintelier

Persistence - 1

2026 (2)

March (1)

security: Signed malware impersonating workplace apps deploys RMM backdoors

Microsoft Security Blog

2026-03-03

Signed malware using a stolen EV code-signing certificate impersonated workplace apps to install legitimate remote monitoring and management (RMM) tools for persistent enterprise access. The post advises tightening certificate controls and monitoring RMM tool usage to reduce risk.

February (1)

security: New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

Microsoft Security Blog

2026-02-05

Microsoft reports a new ClickFix variant, “CrashFix,” that intentionally crashes browsers to trick users into running commands that install a Python-based remote access trojan (RAT). The campaign abuses built-in utilities (finger.exe) and a portable Python runtime to reduce detection and maintain persistence on targeted systems.
