Remcos RAT is spreading through adult games in a new wave of attacks

Remcos RAT

The remote access trojan (RAT) known as Remcos RAT has been found being distributed in South Korea via webhards, disguised as adult-themed games.

WebHard, short for web hard drive, is a popular online file storage system used for uploading, downloading and sharing files in the country.

While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the latest analysis from the AhnLab Security Emergency Response Center (ASEC) shows that the technique has now been used to distribute Remcos RAT.

In these attacks, users are tricked into opening booby-trapped files that pose as adult games and that, when launched, run malicious Visual Basic scripts in order to execute an intermediate binary called “ffmpeg.exe”.

This results in retrieving Remcos RAT from an actor-controlled server.
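The chain described above (Visual Basic script, then “ffmpeg.exe”, then a download from a remote server) can be hunted for in process and network telemetry. The following is an added example, not code from ASEC or the original article; it assumes the scripts run under Windows Script Host (wscript.exe or cscript.exe), and the log format, paths, GUIDs and IP addresses are constructed.

```python
import json
from ntpath import basename  # parse Windows-style paths on any host OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: the VBS runs under Windows Script Host
LURE_BINARY = "ffmpeg.exe"                     # intermediate binary name given in the article

# Constructed sample events, loosely modelled on process-create (id 1) and
# network-connect (id 3) records. All paths, GUIDs and IPs are made up.
SAMPLE_LOG = r"""
{"id":1,"guid":"A1","image":"C:\\Windows\\System32\\wscript.exe","parent":"C:\\Games\\Game.exe"}
{"id":1,"guid":"A2","image":"C:\\Games\\data\\ffmpeg.exe","parent":"C:\\Windows\\System32\\wscript.exe"}
{"id":3,"guid":"A2","image":"C:\\Games\\data\\ffmpeg.exe","dst":"203.0.113.10","port":443}
{"id":1,"guid":"B1","image":"C:\\Tools\\ffmpeg\\bin\\ffmpeg.exe","parent":"C:\\Windows\\System32\\cmd.exe"}
{"id":3,"guid":"C1","image":"C:\\Program Files\\Browser\\browser.exe","dst":"198.51.100.7","port":443}
"""

def parse(log_text):
    """Turn JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def find_chains(events):
    """Return one finding per ffmpeg.exe started by a script host,
    together with any outbound connections that same process made.
    Events are expected in chronological order."""
    findings = {}
    for ev in events:
        name = basename(ev["image"]).lower()
        if ev["id"] == 1:
            parent = basename(ev["parent"]).lower()
            if name == LURE_BINARY and parent in SCRIPT_HOSTS:
                findings[ev["guid"]] = {"image": ev["image"],
                                        "parent": ev["parent"],
                                        "connections": []}
        elif ev["id"] == 3 and ev["guid"] in findings:
            findings[ev["guid"]]["connections"].append((ev["dst"], ev["port"]))
    return list(findings.values())

if __name__ == "__main__":
    for f in find_chains(parse(SAMPLE_LOG)):
        print(f"ALERT {f['parent']} -> {f['image']} connections={f['connections']}")
```

The ffmpeg.exe started from cmd.exe in the sample is not flagged, since the rule keys on the script-host parent rather than on the file name alone.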

Remcos (also known as Remote Control and Surveillance) is an advanced RAT that enables unauthorized remote control and remote monitoring of compromised hosts, allowing threat actors to exfiltrate sensitive data.

Originally marketed in 2016 by Germany-based company Breaking Security as a bona fide remote management tool, Remcos has turned into a powerful weapon used by adversaries to infiltrate systems and establish unfettered control.

“Remcos RAT has evolved into a malicious tool used by threat actors in various campaigns,” Cyfirma noted in an analysis in August 2023.

“The malware’s multi-functional capabilities, including keylogging, audio recording, screenshot recording and more, highlight its potential to compromise user privacy, exfiltrate sensitive data and manipulate systems. The RAT’s ability to disable User Account Control (UAC) and establish persistence further amplifies its potential impact.”
