Attackers Use Windows Screensavers to Drop Malware, RMM Tools

Posted on March 10, 2026

In a novel approach to spear phishing, threat actors are using Windows screensaver files (.scr) to get past defender lines and compromise organizations. ReliaQuest Threat Research published research today detailing how attackers lured multiple users into running a Windows screensaver file, which installs a remote monitoring and management (RMM) tool, giving the attacker interactive remote control over the target’s operating system.

Relevant URL: https://www.darkreading.com/application-security/attackers-use-screensavers-drop-malware-rmm-tools

Trusted Cybersecurity Advisors

Secure Your Bank's Future

Partner with our skilled specialists to unlock advanced cybersecurity and compliance solutions tailored to your bank's unique needs. Benefit from our expertise and experience in providing robust protection for financial institutions across the nation. Don't hesitate - secure your bank's future today.

Contact Our Experts

Attackers Use Windows Screensavers to Drop Malware, RMM Tools

Newsletter Signup

Related Posts

Secure Your Bank's Future