{"id":182304,"date":"2026-01-28T08:34:00","date_gmt":"2026-01-28T13:34:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/28\/goto-resolve-tools-background-activities-compared-to-ransomware-tactics-hackread-cybersecurity-news-data-breaches-ai-and-more\/"},"modified":"2026-01-28T08:45:09","modified_gmt":"2026-01-28T13:45:09","slug":"goto-resolve-tools-background-activities-compared-to-ransomware-tactics-hackread-cybersecurity-news-data-breaches-ai-and-more","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/28\/goto-resolve-tools-background-activities-compared-to-ransomware-tactics-hackread-cybersecurity-news-data-breaches-ai-and-more\/","title":{"rendered":"GoTo Resolve Tool\u2019s Background Activities Compared to Ransomware Tactics \u2013 Hackread \u2013 Cybersecurity News, Data Breaches, AI, and More"},"content":{"rendered":"<p><a href=\"https:\/\/hackread.com\/goto-resolve-activities-ransomware-tactics\/\">GoTo Resolve Tool\u2019s Background Activities Compared to Ransomware Tactics \u2013 Hackread \u2013 Cybersecurity News, Data Breaches, AI, and More<\/a><\/p>\n<p><a href=\"https:\/\/hackread.com\/goto-resolve-activities-ransomware-tactics\/\">https:\/\/hackread.com\/goto-resolve-activities-ransomware-tactics\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-28 08:34:00<\/a><\/p>\n<p>Source Domain: <a href=\"hackread.com\">hackread.com<\/a><\/p>\n<p>A new security alert has been issued over a computer program that is acting as a silent gateway for intruders. 
The tool, known by the technical name HEURRemoteAdmin.GoToResolve.gen, is being called a \u201cPotentially Unwanted Application\u201d (PUA) by experts because of the way it hides its activity from the person using the computer.<\/p>\n<p>The findings come from the Lat61 Threat Intelligence Team at Point Wild, a data breach prevention firm. In a report shared with Hackread.com, the team explained how this software can turn a standard work tool into a major security risk.<\/p>\n<p>Background activity you can\u2019t see<\/p>\n<p>Most of us expect to see a pop-up or a loading bar when new software arrives on our machines. But the Lat61 team noted that this tool can install itself \u201csilently\u201d and keep a \u201cpersistent presence\u201d by hiding deep in the system within a folder named C:\\Program Files (x86)\\GoTo Resolve Unattended.<\/p>\n<p>While the program is a part of GoTo Resolve (formerly known as LogMeIn), a legitimate service used by IT support, it can be hijacked. Investigation revealed a bundled file called \u201c32000~\u201d inside the installer containing the secret instructions for managing the app. Because it runs in the background without any user interaction, it creates what experts call a \u201cpotential attack surface.\u201d This is basically like an unlocked window that a hacker could use to get inside and take control.<\/p>\n<p>The bundled file 32000~ (source: Point Wild)<\/p>\n<p>A link to ransomware tactics<\/p>\n<p>The most worrying part of the discovery involves a file called the Restart Manager (RstrtMgr.dll). 
While this is a standard part of Windows, it has a dark history because this library has been used by notorious groups like Conti and Cactus ransomware, as well as the BiBi wiper, to \u201cterminate interfering processes.\u201d<\/p>\n<p>By loading this component, the software could shut down your antivirus or other security programs, leaving the computer defenseless while a hacker prepares a full-scale attack.<\/p>\n<p>\u201cThe RstrtMgr DLL (Restart Manager) is being loaded by an uncommon process. This library has been used during ransomware campaigns to kill processes that would prevent file encryption by locking them (e.g., Conti ransomware, Cactus ransomware). It has also recently been seen used by the BiBi wiper for Windows. It could also be used for anti-analysis purposes by shutting down specific processes.\u201d<br \/>\n Lat61 Threat Intelligence Team \u2013 Point Wild<\/p>\n<p>Don\u2019t let the \u2018official\u2019 signature fool you<\/p>\n<p>For an unsuspecting user, the software looks perfectly safe. It has a valid digital signature from GoTo Technologies USA, LLC, which usually acts as a \u201cgreen light\u201d for Windows to let it run. <\/p>\n<p>However, even official tools can be used for the wrong reasons, and researchers at Point Wild also state that \u201ca valid digital signature does not eliminate the risk of misuse.\u201d So, unless this software has been specifically authorised by your company\u2019s security team, it should be treated as a high-level risk and removed to keep your data safe.<\/p>\n<p>Digital Signature from GoTo Technologies USA, LLC<\/p>\n<p>Dr. 
Zulfikar Ramzan, CTO of Point Wild and Head of the Lat61 Threat Intelligence Team, says this is a growing trend, and the software\u2019s ability to hide its tracks signals a \u201cdangerous pre-positioning\u201d of a computer for more destructive strikes.<\/p>\n<p>\u201cGoToResolve is a proof point of a rising trend in malware: the exploitation of legitimate remote administration tools by threat actors. Its silent execution and ability to load the Windows Restart Manager signal a dangerous pre-positioning of the system for subsequent, more destructive attacks.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GoTo Resolve Tool\u2019s Background Activities Compared to Ransomware Tactics \u2013 Hackread \u2013 Cybersecurity News, Data&#8230;<\/p>\n","protected":false},"author":1,"featured_media":182305,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/hackread.com\/wp-content\/uploads\/2026\/01\/goto-resolve-flagged-abuse-ransomware-tactics-1024x611.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,35,32],"class_list":["post-182304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-hacker","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182304"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=182304"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/pos
ts\/182304\/revisions"}],"predecessor-version":[{"id":182306,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182304\/revisions\/182306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/182305"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=182304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=182304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=182304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}