ADVERTISEMENT

Attackers exploit Windows screensaver files to install remote access tools

A new spearphishing campaign is exploiting a little-used entry point into corporate networks: Windows screensaver files – a format many users and even security controls don’t typically treat as high risk.

Phishing screensaver

Getty Images

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Feb 5, 2026 2 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

Screensavers used to quietly install remote access tools

ADVERTISEMENT

Previous incidents show how this tactic can scale

“It stands out because, unlike typical attacks, this marks the first time we’ve identified a campaign using business-themed lures to persuade users to download a .scr file—an often-overlooked executable—that then deploys an RMM tool for durable access and follow-on actions with unusual effectiveness.”
ReliaQuest.

ADVERTISEMENT