Revamped Remcos RAT Deployed Against Microsoft Windows Users

November 11, 2024 at 04:49PM
Threat actors are using a modified Remcos RAT to exploit a Microsoft Windows vulnerability via phishing emails. The malware utilizes multiple script languages to evade detection and installs itself through a complex process. Experts emphasize the need for patch management, employee training, and endpoint protection as critical defenses against such …

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

November 11, 2024 at 01:36AM
Cybersecurity researchers revealed a new phishing campaign exploiting Remcos RAT, utilizing a malicious Excel attachment to execute a fileless variant. This allows attackers to remotely control compromised computers and gather sensitive data. Additionally, phishing tactics have evolved to include using legitimate DocuSign accounts and ZIP file concatenation to bypass security …

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

October 11, 2024 at 02:00PM
A new malware campaign targets the finance and insurance sectors using GitHub links in phishing emails to deliver Remcos RAT, exploiting trusted repositories. This technique, involving malware uploads to GitHub issues, allows attackers to bypass security. Recent research reveals expanded phishing tactics targeting accommodation platforms, improving scam effectiveness through automation. …

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

April 9, 2024 at 04:15AM
Cybersecurity researchers have uncovered a complex multi-stage attack using invoice-themed phishing emails to distribute various malware, including Venom RAT, Remcos RAT, and others. The attack utilizes BatCloak obfuscation and ScrubCrypt to deliver obfuscated batch scripts, ultimately executing malware such as Venom RAT and a wallet-stealing plugin. The attack demonstrates sophisticated …

New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT

February 26, 2024 at 10:45AM
Ukrainian entities based in Finland are targeted in a malicious campaign distributing the Remcos RAT using the IDAT Loader. The attack utilizes steganography and has been attributed to the threat actor UAC-0184. Other loaders like Hijack Loader have been used to distribute additional payloads. CERT-UA disclosed a phishing campaign involving …

Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign

January 4, 2024 at 08:37PM
Threat actor UAC-0050, known for targeting Ukrainian organizations with RemcosRAT, is back with a new tactic using anonymous pipes to transfer data covertly. The group’s latest campaign aims at Ukrainian government entities, posing a significant risk to Windows-reliant sectors. Uptycs researchers highlighted the group’s politically motivated activities and state the …

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

January 4, 2024 at 04:06AM
The UAC-0050 threat actor is using phishing attacks to distribute the Remcos RAT, employing new tactics to avoid detection by security software. Uptycs researchers highlight the group’s use of a pipe method for interprocess communication, demonstrating advanced adaptability. The group has a history of targeting Ukrainian and Polish entities through …