The distant entry trojan (RAT) referred to as Remcos RAT has been discovered being propagated through webhards by disguising it as adult-themed video games in South Korea.
WebHard, brief for net laborious drive, is a well-liked on-line file storage system used to add, obtain, and share recordsdata within the nation.
Whereas webhards have been used up to now to ship njRAT, UDP RAT, and DDoS botnet malware, the AhnLab Safety Emergency Response Heart’s (ASEC) newest evaluation exhibits that the method has been adopted to distribute Remcos RAT.
In these assaults, customers are tricked into opening booby-trapped recordsdata by passing them off as grownup video games, which, when launched, execute malicious Visible Primary scripts with a view to run an intermediate binary named “ffmpeg.exe.”
This ends in the retrieval of Remcos RAT from an actor-controlled server.
A complicated RAT, Remcos (aka Distant Management and Surveillance) facilitates unauthorized distant management and surveillance of compromised hosts, enabling risk actors to exfiltrate delicate information.
This malware, though initially marketed by Germany-based agency Breaking Safety in 2016 as a bonafide distant administration instrument, has metamorphosed right into a potent weapon wielded by adversaries actors to infiltrate programs and set up unfettered management.
“Remcos RAT has advanced right into a malicious instrument employed by risk actors throughout numerous campaigns,” Cyfirma famous in an evaluation in August 2023.
“The malware’s multifunctional capabilities, together with keylogging, audio recording, screenshot seize, and extra, spotlight its potential to compromise person privateness, exfiltrate delicate information, and manipulate programs. The RAT’s potential to disable Person Account Management (UAC) and set up persistence additional amplifies its potential affect.”
