Wednesday, January 22, 2025
Follow us On Linkedin
HomeComputer SecurityMultiple Malware Campaigns Distributing Remcos RAT Via Malicious Excel and Word Documents

Multiple Malware Campaigns Distributing Remcos RAT Via Malicious Excel and Word Documents

Computer SecurityMalware

Published on

By Gurubaran
Multiple Malware Campaigns Distributing Remcos RAT Via Malicious Excel and Word Documents

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Multiple malware campaigns attempting to install Remcos RAT on victim’s machines to gain access to the system. Attackers delivering the malware through Excel spreadsheets and Word documents.

Remcos remote access tool offered for sales by a company called Breaking Security and the license ranges from €58.00 to €389.00 based on the license. The tool contains a number of surveillance functions.

It was first sold in hacking forums in late 2016 and from that point it get’s updated with more features continuously, the RAT gives complete remote access to the attacker and it is supported from Windows XP to all versions including server editions.

Researchers from Cisco spotted several malware campaigns that attempt to install the RAT on various endpoints. The RAT gives everything that attacker required to run an illegal bot.

Remcos RAT Distribution

Remcos advertised on various underground forums which allows threats actors to leverage this malware to launch a variety of attacks to infect the system.

Earlier this year threat actors targeted defense contractors in Turkey with Remcos, Talos now confirmed the attacker also targeting the following organizations.

  • International news agencies
  • Diesel equipment manufacturers and service providers operating within the maritime and energy sector
  • HVAC service providers operating within the energy sector
The attack starts with a well-crafted spear phishing email that poses to be from the Turkish government agency related to tax reporting for the victim’s organization and the email contains malicious Microsoft Office and Excel documents attached.
Remcos RAT

Talos observed most of the documents are blurred and contains unclear images to lure victim’s to enable macros and view the content.

Remcos RAT

The macro in this file contains an executable when executed the macros reconstruct the executable and save in the %Temp% or %AppData% locations.

Remcos RAT
The Executable then downloads the Remcos malware which gives an attacker a complete control over the victim’s machine. The Remcos RAT is capable of monitoring keystrokes, take remote screen captures, manage files, execute commands on infected systems and more.

“Organizations should ensure that they are implementing security controls to combat Remcos, it is a robust tool that is being actively developed to include new functionality increasing what the attackers can gain access to.”

Also Read

Beware !! Dangerous RAT’s Called “Adwind, Remcos, Netwire” Delivering via A360 Cloud Drive

Commercial Remote Access Trojan (RAT) Remcos Spotted in Live Attacks

AdvisorsBot Malware Attack on Hotels, Restaurants, and Telecommunications Via Weaponized Word Document

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CVE/vulnerability

Three New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations

The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS)...
CVE/vulnerability

Security Researchers Discover Critical RCE Vulnerability, Earn $40,000 Bounty

Cybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability...
Cyber Security News

IBM i Access Client Solutions Might Be Leaking Your Passwords

A potential security flaw in IBM i Access Client Solutions (ACS) has raised serious...
Cyber Security News

Weaponized VS Code Impersonate Zoom App Steals Cookies From Chrome

A newly identified extension for Visual Studio Code (VS Code) has been found to...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

Cyber Security News

Beware! Fake SBI Reward APK Attacking Users to Deliver Android Malware

A recent phishing campaign has targeted customers of SBI Bank through a deceptive message...
Cyber Security News

Gootloader Malware Employs Blackhat SEO Techniques To Attack Victims

The Gootloader malware family employs sophisticated social engineering tactics to infiltrate computers.By leveraging...
Cyber Security News

Hackers Weaponize MSI Packages & PNG Files to Deliver Multi-stage Malware

Researchers have reported a series of sophisticated cyber attacks aimed at organizations in Chinese-speaking...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved