What RemoteShield Blocks

Our threat database is updated automatically and currently blocks 255 known threats across remote access tools, remote access trojans, and data exfiltration utilities. Here's what we protect you from — and why.

255
Blocked Apps
44
Blocked Signers
14
Blocked Ports
65
Product Signatures

Why does this matter?

Remote access scams are the fastest-growing fraud category in Australia. Scammers call victims pretending to be from Microsoft, their bank, the ATO, or a tech support company. They convince the victim to download a remote access tool — usually AnyDesk, TeamViewer, or Quick Assist — and once connected, they have full control of the computer. From there, they access bank accounts, steal personal data, and drain savings.

According to the National Anti-Scam Centre, Australians over 65 lost an average of $17,943 per successful scam of this kind in Q1 2024. The tools themselves are legitimate — that's what makes them so dangerous. Antivirus software won't flag AnyDesk because AnyDesk isn't malware. But in the hands of a scammer, it's a weapon.

RemoteShield solves this by blocking the tools before a scammer can use them. The moment a blocked application starts, RemoteShield terminates it — no user decision required, no dialog to click through, no chance for the scammer to talk the victim into allowing it.

Remote Access Tools (191 blocked)

Legitimate software that scammers weaponise to take control of victims' computers.

Most commonly used in scams

AnyDesk
The #1 tool in Australian scam calls. Free, no account needed, instant connection. Scammers love it because victims can be talked through downloading it in under 60 seconds.
TeamViewer
The second most common tool in tech support scams. Well-known brand that victims trust because they've heard the name before.
Zoho Assist
Increasingly common in Australian scams. Free tier, no install required for the "assisted" mode — the scammer sends a link and the victim just clicks it.
Quick Assist
Built into Windows 10/11. Scammers use it because it's already on the computer — no download needed. Microsoft themselves have warned about its abuse.
UltraViewer
Popular in Southeast Asian scam operations targeting Australian victims. Lightweight, no installation required.

Also blocked

RemoteShield doesn't just block the obvious ones. We block the entire ecosystem of remote access tools that scammers are known to use, including enterprise IT management tools that have been weaponised in recent campaigns.

Supremo AeroAdmin RustDesk Splashtop ScreenConnect LogMeIn GoTo Resolve Radmin ISL Online NoMachine Bomgar TightVNC Iperius MeshAgent Chrome Remote Desktop Parsec HopToDesk ShowMyPC ToDesk SunLogin AweSun Dayon GetScreen Veyon + 160 more

Enterprise RMM tools (abused in 2025-26 campaigns)

These are IT management platforms designed for businesses. Scammers and ransomware operators have increasingly hijacked them — RMM abuse rose 277% in 2025 according to Huntress.

Atera NinjaRMM Tactical RMM ConnectWise SimpleHelp Pulseway Syncro N-able ITarian Datto RMM Kaseya ManageEngine FleetDeck Action1 PDQ Connect SuperOps TrustConnect

Remote Access Trojans (63 blocked)

Malware specifically designed to give attackers hidden remote control of a victim's computer. Unlike the legitimate tools above, these have no legal use.

Well-known RAT families

AsyncRAT — Open-source, widely distributed via phishing
NjRAT — One of the most common RATs globally
Remcos — Sold as "legitimate admin tool", used as RAT
QuasarRAT — Open-source, popular in targeted campaigns
NanoCore — Persistent, targets credentials and webcams
DarkComet — Legacy RAT, still active in the wild
Gh0stRAT — Chinese-origin, used in espionage campaigns
Agent Tesla — Infostealer with RAT capabilities

Emerging threats (2025-2026)

XWorm — Rapidly growing, sold as MaaS on Telegram
VenomRAT — Heavily used in 2025-26 phishing waves
ResolverRAT — New in 2025, targets healthcare sector
StilachiRAT — Microsoft-flagged, browser credential theft
CrystalX RAT — Mar 2026, MaaS with prankware + stealer
STX RAT — Feb 2026, hidden desktop + credential harvest
TrustConnect — Fake RMM vendor, actually a RAT sold for $300/mo
Steaelite — Bundles RAT + ransomware + stealer

How We Detect Threats

RemoteShield uses multiple detection layers so threats can't hide behind renamed files or disguised installers.

01
Filename Matching
Instant check against 255 known executables. If the file is named anydesk.exe, it's blocked before it can open a connection.
02
Pattern Recognition
Catches renamed copies. If someone renames anydesk.exe to helper.exe, our regex patterns still identify it by its internal structure.
03
Digital Signature Analysis
44 known code-signing certificates used by remote access vendors are blocked by signer identity — even if the executable is brand new and not yet in our database.
04
Window Title Detection
22 known window titles like "AnyDesk — Remote Desktop" are monitored. Catches tools that try to hide their filename but can't hide their UI.
05
Network Port Blocking
14 ports commonly used by remote access tools are blocked via Windows Firewall when network protection is enabled — an additional layer even if a tool somehow starts.
06
Behavioural Heuristics
For unknown executables, we analyse metadata, command-line arguments, and runtime behaviour to catch zero-day remote access tools not yet in our database.

Automatic Updates. Set and Forget.

The threat database updates automatically every 12 hours. When our researchers discover a new tool being used in scams, it's added to the database and pushed to every RemoteShield installation — no action required from you or your IT support.

Updates are cryptographically verified using SHA-256 hashes before being applied. If an update fails verification, it's rejected silently and the existing database continues protecting you. You're always protected, even if something goes wrong with an update.

Database version: v1.7.0 · Last updated: 27 April 2026 · Next audit scheduled: July 2026

Use a legitimate remote tool for your business?

RemoteShield includes a whitelist feature. If your IT support provider uses a specific tool like Quick Assist or Splashtop to help you remotely, they can add it to the whitelist during installation. That specific tool will be allowed while everything else stays blocked. This way your trusted technician can still help you, but scammers using any other tool are still stopped.