Remcos RAT Spreading Through Adult Games in New Attack Wave

News

Jan 16, 2024NewsroomBotnet / Malware

The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea.

WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country.

While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the AhnLab Security Emergency Response Center’s (ASEC) latest analysis shows that the technique has been adopted to distribute Remcos RAT.

Cybersecurity

In these attacks, users are tricked into opening booby-trapped files by passing them off as adult games, which, when launched, execute malicious Visual Basic scripts in order to run an intermediate binary named “ffmpeg.exe.”

This results in the retrieval of Remcos RAT from an actor-controlled server.

Remcos RAT

A sophisticated RAT, Remcos (aka Remote Control and Surveillance) facilitates unauthorized remote control and surveillance of compromised hosts, enabling threat actors to exfiltrate sensitive data.

This malware, although originally marketed by Germany-based firm Breaking Security in 2016 as a bonafide remote administration tool, has metamorphosed into a potent weapon wielded by adversaries actors to infiltrate systems and establish unfettered control.

Cybersecurity

“Remcos RAT has evolved into a malicious tool employed by threat actors across various campaigns,” Cyfirma noted in an analysis in August 2023.

“The malware’s multifunctional capabilities, including keylogging, audio recording, screenshot capture, and more, highlight its potential to compromise user privacy, exfiltrate sensitive data, and manipulate systems. The RAT’s ability to disable User Account Control (UAC) and establish persistence further amplifies its potential impact.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Amazon MOVEit Leaker Claims to Be Ethical Hacker
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Leave a Reply

Your email address will not be published. Required fields are marked *