• bitcoinBitcoin (BTC) $ 62,970.00
  • ethereumEthereum (ETH) $ 1,760.60
  • tetherTether (USDT) $ 0.999316
  • bnbBNB (BNB) $ 571.04
  • usd-coinUSDC (USDC) $ 0.999925
  • xrpXRP (XRP) $ 1.10
  • solanaSolana (SOL) $ 79.19
  • tronTRON (TRX) $ 0.330489
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • hyperliquidHyperliquid (HYPE) $ 68.40
  • dogecoinDogecoin (DOGE) $ 0.072970
  • usdsUSDS (USDS) $ 0.999719
  • rainRain (RAIN) $ 0.014863
  • leo-tokenLEO Token (LEO) $ 9.44
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • zcashZcash (ZEC) $ 484.69
  • whitebitWhiteBIT Coin (WBT) $ 55.85
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • cardanoCardano (ADA) $ 0.172215
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • stellarStellar (XLM) $ 0.186054
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • moneroMonero (XMR) $ 331.13
  • chainlinkChainlink (LINK) $ 7.73
  • canton-networkCanton (CC) $ 0.129909
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • bitcoin-cashBitcoin Cash (BCH) $ 238.93
  • daiDai (DAI) $ 0.999736
  • usd1-wlfiUSD1 (USD1) $ 0.998960
  • susdssUSDS (SUSDS) $ 1.08
  • ethena-usdeEthena USDe (USDE) $ 0.998663
  • the-open-networkGram (prev. Toncoin) (GRAM) $ 1.60
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • litecoinLitecoin (LTC) $ 43.60
  • global-dollarGlobal Dollar (USDG) $ 0.999843
  • hashnote-usycCircle USYC (USYC) $ 1.13
  • wethWETH (WETH) $ 2,268.37
  • hedera-hashgraphHedera (HBAR) $ 0.070544
  • suiSui (SUI) $ 0.718157
  • paypal-usdPayPal USD (PYUSD) $ 1.00
  • usdt0USDT0 (USDT0) $ 0.998824
  • avalanche-2Avalanche (AVAX) $ 6.43
  • crypto-com-chainCronos (CRO) $ 0.056303
  • shiba-inuShiba Inu (SHIB) $ 0.000004
  • tether-goldTether Gold (XAUT) $ 4,115.60
  • nearNEAR Protocol (NEAR) $ 1.93
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.14
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • bittensorBittensor (TAO) $ 209.74
  • uniswapUniswap (UNI) $ 3.21
  • pax-goldPAX Gold (PAXG) $ 4,120.43
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.058555
  • memecoreMemeCore (M) $ 1.38
  • htx-daoHTX DAO (HTX) $ 0.000002
  • aster-2Aster (ASTER) $ 0.625386
  • okbOKB (OKB) $ 78.76
  • ondo-financeOndo (ONDO) $ 0.328920
  • ripple-usdRipple USD (RLUSD) $ 0.999844
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • usddUSDD (USDD) $ 1.00
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • falcon-financeFalcon USD (USDF) $ 0.996012
  • polkadotPolkadot (DOT) $ 0.836578
  • mantleMantle (MNT) $ 0.412971
  • aaveAave (AAVE) $ 88.62
  • worldcoin-wldWorldcoin (WLD) $ 0.377161
  • morphoMorpho (MORPHO) $ 2.03
  • bfusdBFUSD (BFUSD) $ 0.998103
  • dexeDeXe (DEXE) $ 28.11
  • skySky (SKY) $ 0.053281
  • internet-computerInternet Computer (ICP) $ 2.20
  • labLAB (LAB) $ 3.78
  • bitget-tokenBitget Token (BGB) $ 1.65
  • pi-networkPi Network (PI) $ 0.105331
  • pepePepe (PEPE) $ 0.000003
  • ethereum-classicEthereum Classic (ETC) $ 6.89
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • united-stablesUnited Stables (U) $ 0.999900
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.20
  • blockchain-capitalBlockchain Capital (BCAP) $ 106.63
  • quant-networkQuant (QNT) $ 65.93
  • kucoin-sharesKuCoin (KCS) $ 6.89
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.11
  • usdgoUSDGO (USDGO) $ 1.00
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • superstate-short-duration-us-government-securities-fund-ustbInvesco Short Duration US Government Securities Fund (USTB) $ 11.14
  • stable-2​​Stable (STABLE) $ 0.034669
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.076382
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • cosmosCosmos Hub (ATOM) $ 1.57
  • kaspaKaspa (KAS) $ 0.029146
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • render-tokenRender (RENDER) $ 1.54
  • justJUST (JST) $ 0.093408
  • wbnbWrapped BNB (WBNB) $ 759.61
  • jupiter-exchange-solanaJupiter (JUP) $ 0.231334
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • algorandAlgorand (ALGO) $ 0.085384
  • nexoNEXO (NEXO) $ 0.736136
  • adi-tokenADI (ADI) $ 5.82
  • usdtbUSDtb (USDTB) $ 1.00
  • audieraAudiera (BEAT) $ 2.34
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • gatechain-tokenGate (GT) $ 6.72
  • beldexBeldex (BDX) $ 0.090985
  • ethenaEthena (ENA) $ 0.074832
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • spiko-amundi-overnight-swap-fund-eurSpiko Amundi Overnight Swap Fund (EUR) (EURSAFO) $ 1.15
  • bianrensheng币安人生 (BinanceLife) (币安人生) $ 0.705762
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.04
  • pump-funPump.fun (PUMP) $ 0.001552
  • lighterLighter (LIT) $ 2.46
  • filecoinFilecoin (FIL) $ 0.764900
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • ghoGHO (GHO) $ 0.998582
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • flare-networksFlare (FLR) $ 0.006652
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • midnight-3Midnight (NIGHT) $ 0.033368
  • usual-usdUsual USD (USD0) $ 0.998657
  • aerodrome-financeAerodrome Finance (AERO) $ 0.565495
  • clbtcclBTC (CLBTC) $ 76,920.00
  • xdce-crowd-saleXDC Network (XDC) $ 0.027296
  • yldsYLDS (YLDS) $ 0.999821
  • aptosAptos (APT) $ 0.619670
  • venice-tokenVenice Token (VVV) $ 10.89
  • usxUSX (USX) $ 0.999613
  • true-usdTrueUSD (TUSD) $ 0.998063
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • a7a5A7A5 (A7A5) $ 0.012455
  • arbitrumArbitrum (ARB) $ 0.076412
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • injective-protocolInjective (INJ) $ 4.72
  • tbtctBTC (TBTC) $ 70,942.00
  • hash-2Provenance Blockchain (HASH) $ 0.008467
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.38
  • dashDash (DASH) $ 34.45
  • euro-coinEURC (EURC) $ 1.14
  • vechainVeChain (VET) $ 0.004698
  • ousgOndo Short-Term U.S. Government Bond Fund (OUSG) $ 115.82
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.006276
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • official-trumpOfficial Trump (TRUMP) $ 1.62
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • hastra-primeHastra PRIME (PRIME) $ 1.05
  • ether-fiEther.fi (ETHFI) $ 0.398267
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.162229
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • celestiaCelestia (TIA) $ 0.387575
  • cocaCOCA (COCA) $ 1.30
  • bonkBonk (BONK) $ 0.000004
  • sun-tokenSun Token (SUN) $ 0.018590
  • jito-governance-tokenJito (JTO) $ 0.721570
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.531314
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • pyth-networkPyth Network (PYTH) $ 0.044290
  • spx6900SPX6900 (SPX) $ 0.374978
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.997194
  • the9bitThe9bit (9BIT) $ 0.042627
  • layerzeroLayerZero (ZRO) $ 0.965655
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • terra-lunaTerra Luna Classic (LUNC) $ 0.000061
  • apxusdapxUSD (APXUSD) $ 0.859692
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • sei-networkSei (SEI) $ 0.047326
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • curve-dao-tokenCurve DAO (CRV) $ 0.207657
  • kinesis-goldKinesis Gold (KAU) $ 132.66
  • blockstackStacks (STX) $ 0.162192
  • monadMonad (MON) $ 0.024587
  • tezosTezos (XTZ) $ 0.261205
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • gnosisGnosis (GNO) $ 104.22
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • lido-daoLido DAO (LDO) $ 0.322821
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • bitcoin-svBitcoin SV (BSV) $ 13.34
  • apenftAINFT (NFT) $ 0.00000027
  • noonNoon (NOON) $ 0.751949
  • royal-dollarRoyal Dollar (RUSD) $ 0.998700
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • bittorrentBitTorrent (BTT) $ 0.00000027
  • kite-2Kite (KITE) $ 0.108244
  • olympusOlympus (OHM) $ 17.11
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • pendlePendle (PENDLE) $ 1.49
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • plasmaPlasma (XPL) $ 0.095713
  • megausdMegaUSD (USDM) $ 1.00
  • doublezeroDoubleZero (2Z) $ 0.069730
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • grassGrass (GRASS) $ 0.374001

Ransomware Hackers Targeting Employee Monitoring Software To Access Computers

0 4


A popular workforce monitoring tool is being targeted by hackers and used as a foothold for ransomware attacks, according to a new report from cybersecurity firm Huntress.

In late January and early February 2026, Huntress’ Tactical Response team investigated two break-ins in which attackers combined Net Monitor for Employees Professional with SimpleHelp, a remote access tool used by IT departments.

TL;DR 📌 Cybercriminals turned employee monitoring software into a RAT, paired it with SimpleHelp, hunted crypto, and tried to drop Crazy ransomware.

The ethical badasses behind this write-up: @RussianPanda9xx, @sudo_Rem, @Purp1eW0lf, + @Antonlovesdnb

— Huntress (@HuntressLabs) February 13, 2026

According to the report, the hackers used the employee monitoring software to get into company systems and SimpleHelp to make sure they could stay there even if one access point was shut down. The activity eventually led to an attempted deployment of Crazy ransomware.

“These cases highlight a growing trend of threat actors leveraging legitimate, commercially available software to blend into enterprise environments,” Huntress researchers wrote.

“Net Monitor for Employees Professional, while marketed as a workforce monitoring tool, provides capabilities that rival traditional remote access trojans: reverse connections over common ports, process and service name masquerading, built-in shell execution, and the ability to silently deploy via standard Windows installation mechanisms. When paired with SimpleHelp as a secondary access channel … the result is a resilient, dual-tool foothold that is difficult to distinguish from legitimate administrative software.”

The company added that while the tools may be novel, the root cause remains exposed perimeters and weak identity hygiene, including compromised VPN accounts.

The rise of “bossware”

Use of so-called “bossware” varies globally but is widespread. Around a third of UK firms use employee monitoring software, according to a report last year, while in the U.S. the figure is estimated at roughly 60%.

The software is commonly deployed to track productivity, log activity and capture screenshots of workers’ screens. But its use is controversial, as are claims about whether it truly captures employee productivity or instead assesses based on arbitrary criteria such as mouse clicks or emails sent.

Nevertheless, their popularity makes such tools an attractive vector for attackers. Net Monitor for Employees Professional, developed by NetworkLookout, is marketed for employee productivity tracking but offers capabilities beyond passive screen monitoring, including reverse shell connections, remote desktop control, file management and the ability to customize service and process names during installation.

Those features, designed for legitimate administrative use, can allow threat actors to blend into enterprise environments without deploying traditional malware.

In the first case detailed by Huntress, investigators were alerted by suspicious account manipulation on a host, including efforts to disable the system Guest account and enable the built-in Administrator account. Multiple “net” commands were executed to enumerate users, reset passwords and create additional accounts.

Analysts traced the activity to a binary tied to Net Monitor for Employees, which had spawned a pseudo-terminal application allowing command execution. The tool pulled down a SimpleHelp binary from an external IP address, after which the attacker attempted to tamper with Windows Defender and deploy multiple versions of Crazy ransomware, part of the VoidCrypt family.

In the second intrusion, observed in early February, the attackers gained entry through a compromised vendor’s SSL VPN account and connected via Remote Desktop Protocol to a domain controller. From there, they installed the Net Monitor agent directly from the vendor’s website. The attackers customized service and process names to mimic legitimate Windows components, disguising the service as OneDrive-related and renaming the running process.

They then installed SimpleHelp as an additional persistent channel and configured keyword-based monitoring triggers targeting cryptocurrency wallets, exchanges and payment platforms, as well as other remote access tools. Huntress said the activity showed clear signs of financial motivation and deliberate defense evasion.

Network LookOut, the company behind Net Monitor for Employee, told Decrypt the agent can be installed only by a user who already has administrative privileges on the computer where the agent is to be installed. “Without administrative privileges, installation isn’t possible,” it said via email.

“So, if you don’t want our software installed on a computer, please ensure that administrative access is not granted to unauthorized users, since Administrative access allows installation of any software.”

It’s not the first time hackers have attempted to deploy ransomware or steal information via bossware. In April 2025, researchers revealed that WorkComposer, a workplace surveillance app used by more than 200,000 people, had left more than 21 million real-time screenshots exposed in an unsecured cloud storage bucket, potentially leaking sensitive business data, credentials and internal communications.



Source link

Leave A Reply

Your email address will not be published.