Attackers Try to Deploy Remcos Malware with COVID-19-related Messages


May 07, 2020


A new phishing campaign targeting U.S. users is trying to deploy Remcos, a powerful trojan that allows an attacker to gain full control of a victim's computer, according to research from Microsoft Security Intelligence.

A multitude of phishing and spam campaigns directly related to the situation created by the COVID-19 pandemic are active right now. Bad actors try different approaches in their efforts to trick people into sharing credentials or downloading malware.

With the economy directly affected by the pandemic, people pay more attention to emails pretending to offer solutions, loans and other types of financial support. Another effective approach is to scare people with threats of account closures or company furloughs.

In this new campaign, the attackers are not interested in phishing, but in deploying Remcos malware. If successfully deployed, the malware can be used to steal credentials, control the PC remotely or even transform the PC into a bot.

“We're seeing pockets of Remcos campaigns targeting specific sectors using various COVID-19 themed lures and atypical email attachments,” said the Microsoft team on Twitter. “Unlike more prominent malware, Remcos campaigns appear to be limited and short-lived, an attempt to fly under the radar.”

In one message, the attackers pretended to represent the US Small Business Administration, offering small businesses disaster loans. The message contained an IMG file, which mounts as an image in Windows. The only file inside it was an executable that deployed Remcos if run.

In a similar message, the attached file had a misleading PDF icon, but was still an executable. In a third example, the message was titled “COVID-19 related updates” and was directed at the members of the American Institute of CPAs.
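The two attachment lures described above can be checked for at a mail gateway or during triage. The following is an added example, not code from Microsoft or Bitdefender: it flags disk-image attachments, probes them for an embedded Windows executable, and identifies executables by file header rather than by name or declared type, since an icon is not visible in the MIME part. The sample message, file names and stub bytes are constructed for illustration, and the `.iso` extension is an added assumption.

```python
import struct
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

DISK_IMAGE_EXTS = (".img", ".iso")  # .img is from the article; .iso is an added assumption

def is_pe(data, off=0):
    """True if a DOS 'MZ' header at `off` points to a PE signature."""
    if data[off:off + 2] != b"MZ" or len(data) < off + 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    return data[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0"

def triage(raw_eml):
    """Return {filename: [findings]} for every flagged attachment in a raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_eml)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings = []
        if is_pe(data):
            findings.append("executable content")
        if name.lower().endswith(DISK_IMAGE_EXTS):
            findings.append("disk image attachment")
            # Files inside an image start on sector boundaries; probe each 512-byte offset.
            if any(is_pe(data, o) for o in range(0, len(data), 512)):
                findings.append("executable inside image")
        if findings:
            report[name] = findings
    return report

def build_sample():
    """Constructed message: an inert PE header stub inside an .img and under a document name."""
    stub = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    image = bytes(4096) + stub.ljust(2048, b"\0")
    msg = EmailMessage()
    msg["Subject"] = "Disaster loan application"  # constructed subject line
    msg.set_content("See attached.")
    msg.add_attachment(image, maintype="application", subtype="octet-stream", filename="loan_form.img")
    msg.add_attachment(stub, maintype="application", subtype="pdf", filename="updates.pdf")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, findings in triage(build_sample()).items():
        print(name, "->", ", ".join(findings))
```

The sector probe is a heuristic: it does not parse the image's file system, so a hit means the attachment should be quarantined for closer inspection rather than treated as a confirmed detection.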

Among these messages, one was designed for South Korean users and sought to impersonate the CDC's Health Alert Network (HAN).

As usual, the best practice is never to open emails or attachments from unknown sources, and always make sure to have a security solution installed on the PC.

Here, at Bitdefender, we focus on protecting your devices from malicious activity and threats of all kinds. Now more than ever, we need autonomy and safety as we interact with the world through our internet-enabled devices. That's why we have extended the trial for our best security suite, ensuring that you can take care of your family's devices for up to 90 days. If you're already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?




Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
