Most remote access software has the same patterns as malware, no? It's only a matter of who's driving?
A related anecdote: I watched, in person, a user call into their workplace's offshore IT support, who had honestly no idea what they were doing, and kept poking around aimlessly in a remote desktop session. I remarked that, having watched tech support scam baiting videos, the interactions were honestly indistinguishable, and hopefully the user had dialed the correct number. The user was not amused.
A related anecdote: I watched, in person, a user call into their workplace's offshore IT support, who had honestly no idea what they were doing, and kept poking around aimlessly in a remote desktop session. I remarked that, having watched tech support scam baiting videos, the interactions were honestly indistinguishable, and hopefully the user had dialed the correct number. The user was not amused.