What is the LogMeIn Resolve phishing campaign?

It's a phishing op using fake invites to drop RMM tools for remote access, tracked as STAC6405 by Sophos, hitting 80+ orgs.

How do attackers use RMM tools like ScreenConnect after initial access?

They chain to download infostealers or more RMMs, grabbing data or expanding footholds without immediate noise.

Is the fake invite malware campaign still active?

Yes — some phishing links remain live, per Sophos' latest checks.

🦠 Ransomware & Malware

Fake Party Invites Are Handing Hackers the Keys to Your PC

Imagine clicking a 'SPECIAL INVITATION' email, only for it to install remote control software on your work PC. That's the slick phishing ploy hitting companies right now.

theAIcatchup Apr 09, 2026 3 min read

Screenshot of fake Punchbowl invitation phishing email leading to RMM malware download

⚡ Key Takeaways

Phishers abuse legit RMM tools like LogMeIn Resolve via fake event invites for stealthy remote access. 𝕏
Over 80 US organizations hit; attackers often lurk or sell access rather than escalate immediately. 𝕏
Campaign (STAC6405) persists—block .exe invites and monitor RMM sessions to stay safe. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#LogMeIn Resolve #RMM malware #infostealer #phishing campaign

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Sophos Threat Research

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

0ktapus Phishing Snags 10,000 Credentials Across 130 Companies—Your MFA Is the Weak Link

Casbaneiro Gang's Sneaky Dynamic PDFs Hit Enterprises in LatAm and Europe

AI Malware: All Sizzle, No Real Steak Yet

CrystalRAT: Malware That Flips Your Screen While Stealing Your Data

Stay in the loop