Greenvelope phishing-to-LogMeIn Resolve dual-vector campaign
Campaign
Summary
A dual-vector phishing campaign is using fake Greenvelope invitations and stolen credentials to establish persistent remote access on compromised hosts, turning legitimate admin software into a covert foothold. The operation matters because it bypasses traditional defenses by abusing trusted tools instead of custom malware. It targets email users and then extends access through a follow-on RMM deployment chain.
Related Happenings
GS7 Operation DoppelBrand phishing campaign targeting Fortune 500 firms
Campaign
First: 16.02.2026 17:45
Last: 16.02.2026 17:45
Sources 1
About this happening:
A **phishing campaign** dubbed **Operation DoppelBrand** is stealing credentials from **Fortune 500** financial, insurance, technology and healthcare brands across the **US** and...
Phishing-led RMM abuse campaign using fake PayPal alerts
Campaign
First: 14.01.2026 18:00
Last: 14.01.2026 18:00
Sources 1
About this happening:
A **phishing-led intrusion campaign** is abusing legitimate **RMM tools** to move from personal accounts into corporate environments, creating stealthy remote access and persisten...
North American trucking and logistics RMM social-engineering campaign
Campaign
First: 03.11.2025 17:00
Last: 03.11.2025 17:00
Sources 1
About this happening:
**North American trucking and logistics companies** are facing an active **social-engineering campaign** that uses fraudulent freight lures, email thread hijacking, and malicious...
Booby-trapped installers deploying ScreenConnect and other RMM tools
Malware Activity
First: 03.11.2025 15:18
Last: 03.11.2025 15:18
Sources 1
About this happening:
Attackers are using **booby-trapped MSI installers** and executables to deploy legitimate **RMM tools** and gain covert remote access inside targeted networks. The malware activit...
Timeline
- 23.01.2026 13:18 · 2 articles
Dual-vector phishing campaign deploys LogMeIn Resolve for persistent access
Initial Disclosure: Fake Greenvelope invitation emails are used to harvest Microsoft Outlook, Yahoo!, and AOL.com credentials, which are then reused to register with LogMeIn, generate RMM access tokens, and deploy GreenVelopeCard.exe to silently install LogMeIn Resolve (formerly GoTo Resolve) on compromised Windows hosts. The follow-on access is reinforced by changing service settings for unrestricted operation and creating hidden scheduled tasks that relaunch the RMM tool if it is terminated.
Sources:
- Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access — thehackernews.com — 23.01.2026 13:18