Saturday, May 3, 2025
HomeCyber Security NewsHackers Deliver Remcos RAT as Weaponized PDF Payslip Document

Hackers Deliver Remcos RAT as Weaponized PDF Payslip Document

Published on

SIEM as a Service

Follow Us on Google News

AhnLab Security Emergency Response Center (ASEC) has recently revealed a disturbing case of Remcos RAT, a malicious software that can remotely access and manipulate infected machines. 

The attackers behind this malware used a clever email scam that pretended to be a payslip to trick the recipients into opening a compressed CAB file that contained the Remcos RAT disguised as a PDF file.

Remcos RAT to enter the target's system
Remcos RAT to enter the target’s system

This sneaky trick allowed the Remcos RAT to enter the target’s system, giving the attacker a lot of malicious options. 

- Advertisement - Google News

The Remcos RAT, once run, has many intrusive capabilities. It can log keystrokes, take screenshots, control webcams and microphones, and execute various actions as per the attacker’s commands. 

It can also steal sensitive data, such as browsing histories and stored passwords, from the victim’s system.

Remcos RAT
Remcos RAT

Interestingly, the Remcos RAT stays inactive until it gets commands from the attacker’s command and control (C2) server. 

This helps it evade detection by security systems. However, it has a unique feature that makes it different from typical remote-access trojans. 

The Remcos RAT has an offline keylogger that starts working right after infection without needing a command from the C2 server. 

This creates a weakness that can be used for detection, especially with sandbox devices.

Various control features of the Remcos RAT’s remote control server (Remcos v2.6.0

The offline keylogger in the Remcos RAT works by using the SetWindowHookExA API and installing a hook procedure to monitor keyboard input events through the WH_KEYBOARD_LL argument.

AhnLab’s MDS sandbox environment successfully detects the malicious behavior of this offline keylogger.

This feature helps to identify the Remcos RAT’s presence even before it connects with the C2 server.

Remcos RAT malware detected using AhnLab MDS (2)

To conclude, Remcos RAT is a serious threat that can do a lot of harm. Its unique offline keylogger feature offers a chance for detection, making it important for security administrators to use advanced threat prevention solutions, such as MDS, and to carefully monitor endpoint environments for any unusual behaviors using products like EDR. 

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...