May 2025 Report: Cybercriminals Exploit Legitimate Remote Access Tools for Malware Distribution

The May 2025 report from Cofense Intelligence reveals that cybercriminals are exploiting legitimate remote access tools such as ConnectWise and Splashtop to distribute malware and steal data. ConnectWise ScreenConnect tops the list of abused RATs in 2025 attacks. This growing threat utilizes legitimate tools for malicious activities, thereby increasing risks for businesses and users.