Hackers use payslip lures to distribute the Remcos RAT

November 2, 2023

Threat actors have created a new phishing campaign that employs a novel strategy to spread the notorious Remcos RAT (Remote Access Trojan). Based on reports, these hackers disguise their malicious software as a payslip to deceive targeted users.

The threat actors send phishing emails with the subject line ‘This is a confirmation document for your payment transfer.’ The wording is chosen to lure recipients into opening the attachment, which releases the payload.

The deceptive emails carry a compressed CAB archive containing an executable (EXE) file, which is the Remcos RAT itself. The attackers also give the malicious EXE a PDF icon so that it passes for a harmless document.


The Remcos RAT will immediately execute its capabilities after infection.


Once it runs on the infected device, the Remcos RAT immediately captures screenshots, logs keystrokes, and hijacks the webcam and microphone. It then extracts browsing histories and steals passwords saved in the victim’s web browsers.

This is not the first incident in which this malware has been used to steal users’ sensitive data. Microsoft reported a strikingly similar attack earlier this year, in which the Remcos RAT targeted employees of U.S. accounting and tax return preparation firms.

This malware has evolved into a prevalent weapon for various malicious campaigns orchestrated by cybercriminals. Notably, operators responsible for the QakBot malware have recently distributed this Trojan alongside the Knight ransomware as part of an extended attack campaign that has been ongoing since August.

Researchers also revealed that a concealed Remcos RAT campaign succeeded in infecting 40 prominent companies throughout Colombia. The breach gave the attackers complete control over the compromised systems, enabling them to orchestrate further malicious operations.

Remcos RAT is a highly intricate, multi-staged malware that employs diverse obfuscation techniques to evade security detection. Since it spreads through malicious attachments delivered via email, organisations must exercise caution and check an attachment’s real file type and extension before opening or downloading it.
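Checking an extension by eye is exactly what the lure defeats: the executable sits inside a CAB archive and wears a PDF icon, so the name and icon the recipient sees say nothing about the content. The following is an added example, not code from the article or from any vendor, showing how a mail gateway or triage script can inspect the bytes instead: it sniffs the leading signature (MSCF for a CAB, MZ for a Windows executable), lists the member names declared in a CAB’s CFFILE table without extracting anything, and flags executable members and document-then-executable double extensions. The CAB parser only reads the header fields defined in Microsoft’s cabinet format; the sample archive is constructed in `build_sample_cab()` and contains a header plus file entries only, so it is not an extractable archive. All file names and sample bytes are constructed for illustration.

```python
import os
import re
import struct

# File signatures checked against the bytes actually received, not the icon or name shown to the user
CAB_MAGIC = b"MSCF"   # Microsoft Cabinet archive
PE_MAGIC = b"MZ"      # Windows executable (DOS/PE header)
PDF_MAGIC = b"%PDF"

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".bat", ".cmd"}
# A document extension immediately followed by an executable one, e.g. "payslip.pdf.exe"
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.(exe|scr|com|pif)$", re.IGNORECASE)


def sniff_type(data: bytes) -> str:
    """Classify an attachment by its leading bytes."""
    if data.startswith(CAB_MAGIC):
        return "cab"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    return "unknown"


def cab_file_names(data: bytes) -> list[str]:
    """List the file names declared in a CAB's CFFILE table without extracting anything."""
    if not data.startswith(CAB_MAGIC) or len(data) < 36:
        raise ValueError("not a CAB archive")
    # CFHEADER: signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
    # versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet (36 bytes)
    fields = struct.unpack_from("<4sIIIIIBBHHHHH", data, 0)
    coff_files, cfiles = fields[4], fields[9]
    names = []
    pos = coff_files
    for _ in range(cfiles):
        # CFFILE: cbFile, uoffFolderStart, iFolder, date, time, attribs (16 bytes), then a NUL-terminated name
        if pos + 16 > len(data):
            raise ValueError("truncated CFFILE table")
        pos += 16
        end = data.index(b"\x00", pos)
        names.append(data[pos:end].decode("ascii", errors="replace"))
        pos = end + 1
    return names


def assess_attachment(filename: str, data: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff_type(data)
    if kind == "pe":
        findings.append("content is a Windows executable (MZ header)")
        if ext not in EXECUTABLE_EXTS:
            findings.append(f"name '{filename}' hides executable content behind extension '{ext or '(none)'}'")
    elif kind == "cab":
        for inner in cab_file_names(data):
            inner_ext = os.path.splitext(inner)[1].lower()
            if inner_ext in EXECUTABLE_EXTS:
                findings.append(f"CAB declares an executable member: {inner}")
            if DOUBLE_EXT.search(inner):
                findings.append(f"CAB member uses a document-then-executable double extension: {inner}")
    return findings


def build_sample_cab(file_names: list[str]) -> bytes:
    """Constructed test data: a CFHEADER plus CFFILE entries only (no folders or compressed data),
    enough to exercise cab_file_names(); it is not an extractable archive."""
    entries = b"".join(
        struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20) + name.encode("ascii") + b"\x00"
        for name in file_names
    )
    total = 36 + len(entries)
    header = struct.pack("<4sIIIIIBBHHHHH", CAB_MAGIC, 0, total, 0, 36, 0, 3, 1, 0, len(file_names), 0, 0, 0)
    return header + entries


if __name__ == "__main__":
    # Constructed samples modelled on the lure described in the article
    lure_cab = build_sample_cab(["payment_confirmation.pdf.exe"])
    for name, blob in [
        ("payment_confirmation.cab", lure_cab),
        ("payslip.pdf", PE_MAGIC + b"\x00" * 62),   # executable renamed to look like a PDF
        ("payslip.pdf", b"%PDF-1.4\n% genuine document\n"),
    ]:
        print(name, "->", assess_attachment(name, blob) or ["no findings"])
```

The point of the design is that every decision is made on content or on names the archive itself declares, never on the icon, which lives inside the executable’s resources and is what the user is shown. A gateway rule built on `assess_attachment()` would quarantine the constructed lure on two independent findings (an executable member and a double extension) while passing a genuine PDF untouched.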

They should also deploy Intrusion Detection Systems (IDS) to monitor systems closely for irregular activity. Organisations must remain vigilant against these threats, since the operators constantly change their infection strategies.
