Thursday, March 28, 2024

Multiple Malware Campaigns Distributing Remcos RAT Via Malicious Excel and Word Documents

Multiple malware campaigns attempting to install Remcos RAT on victim’s machines to gain access to the system. Attackers delivering the malware through Excel spreadsheets and Word documents.

Remcos remote access tool offered for sales by a company called Breaking Security and the license ranges from €58.00 to €389.00 based on the license. The tool contains a number of surveillance functions.

It was first sold in hacking forums in late 2016 and from that point it get’s updated with more features continuously, the RAT gives complete remote access to the attacker and it is supported from Windows XP to all versions including server editions.

Researchers from Cisco spotted several malware campaigns that attempt to install the RAT on various endpoints. The RAT gives everything that attacker required to run an illegal bot.

Remcos RAT Distribution

Remcos advertised on various underground forums which allows threats actors to leverage this malware to launch a variety of attacks to infect the system.

Earlier this year threat actors targeted defense contractors in Turkey with Remcos, Talos now confirmed the attacker also targeting the following organizations.

  • International news agencies
  • Diesel equipment manufacturers and service providers operating within the maritime and energy sector
  • HVAC service providers operating within the energy sector
The attack starts with a well-crafted spear phishing email that poses to be from the Turkish government agency related to tax reporting for the victim’s organization and the email contains malicious Microsoft Office and Excel documents attached.
Remcos RAT

Talos observed most of the documents are blurred and contains unclear images to lure victim’s to enable macros and view the content.

Remcos RAT

The macro in this file contains an executable when executed the macros reconstruct the executable and save in the %Temp% or %AppData% locations.

Remcos RAT
The Executable then downloads the Remcos malware which gives an attacker a complete control over the victim’s machine. The Remcos RAT is capable of monitoring keystrokes, take remote screen captures, manage files, execute commands on infected systems and more.

“Organizations should ensure that they are implementing security controls to combat Remcos, it is a robust tool that is being actively developed to include new functionality increasing what the attackers can gain access to.”

Also Read

Beware !! Dangerous RAT’s Called “Adwind, Remcos, Netwire” Delivering via A360 Cloud Drive

Commercial Remote Access Trojan (RAT) Remcos Spotted in Live Attacks

AdvisorsBot Malware Attack on Hotels, Restaurants, and Telecommunications Via Weaponized Word Document

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles