
Malicious LNK Files Tapped for Remcos RAT Delivery

Remcos RAT could also enable keylogging, remote shell creation, and unauthorised file access.


Threat actors have begun using malicious Windows shortcut (LNK) files to distribute the Remcos RAT malware in a new attack campaign.

According to a report from Point Wild's Lat61 Threat Intelligence team, covered by Hackread, intrusions begin with phishing emails carrying an LNK attachment. When the recipient clicks it, the shortcut executes a PowerShell command that stealthily downloads or decodes a concealed payload.

The initial PowerShell command then retrieves a Base64-encoded payload which, once decoded, masquerades as a program information file (PIF) and launches the Remcos RAT backdoor, enabling total system takeover.

Aside from enabling keylogging, remote shell creation, and unauthorised file access, Remcos RAT could also allow webcam and microphone compromise for additional espionage, said researchers.
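For triage of a suspicious LNK attachment, the command the shortcut would run can be read statically from its StringData section without opening the file. The following is an added example, not code from the Point Wild report or from this article: it parses the MS-SHLLINK header and strings, and the marker list, the function names and the constructed sample shortcut are assumptions made for illustration.

```python
import struct
# LinkFlags bits and StringData order from the MS-SHLLINK specification
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# Heuristic markers picked for this example (assumption, not taken from the report)
MARKERS = ("powershell", "frombase64string", "-enc", "-windowstyle hidden", ".pif")

def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand plus the StringData fields present in a shortcut."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        out = {"show_command": struct.unpack_from("<I", data, 60)[0]}
        pos = 76
        if flags & HAS_IDLIST:    # IDListSize (2 bytes) does not count itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # LinkInfoSize (4 bytes) counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        for bit, field in STRING_FIELDS:
            if flags & bit:
                end = pos + 2 + struct.unpack_from("<H", data, pos)[0] * width
                if end > len(data):
                    raise ValueError("truncated StringData")
                out[field] = data[pos + 2:end].decode(codec, "replace")
                pos = end
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return out

def triage(data: bytes) -> list:
    """List the markers found in the shortcut's strings and window state."""
    info = parse_lnk(data)
    text = " ".join(v for k, v in info.items() if k != "show_command").lower()
    hits = [m for m in MARKERS if m in text]
    if info["show_command"] == 7:  # SW_SHOWMINNOACTIVE
        hits.append("starts minimized")
    return hits

def build_sample(rel_path: str, args: str, show: int) -> bytes:
    """Constructed input: header, RELATIVE_PATH and COMMAND_LINE_ARGUMENTS only."""
    head = struct.pack("<I16sII24sIIIHHII", 0x4C, LNK_CLSID, 0x28 | IS_UNICODE, 0, b"", 0, 0, show, 0, 0, 0, 0)
    return head + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                           for s in (rel_path, args))

SAMPLE = build_sample("..\\powershell.exe",
                      "-WindowStyle Hidden -Command \"[Convert]::FromBase64String('QQ==')\"", 7)
```

Calling `triage()` on the bytes of a quarantined attachment returns the matched markers; an empty list means only that none of these particular strings were present, not that the shortcut is safe.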


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
