1 min read

Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign

Janos Gergo SZELES

January 13, 2021

Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign

In the late summer of 2020, the Bitdefender Active Threat Control team noticed a surge of Remcos malware, with most of the attacks taking place in Colombia. While the malware family has been known for quite a while to cyber-criminals and malware researchers alike, this new campaign captured our attention as it arrived on the victims’ computers via phishing e-mails related to financial services and COVID-19 information.

Malicious use of Remcos dates back to 2017, as this Remote Access Trojan has been largely used by both commercial and advanced threat actors (such as Gorgon or APT33). Unlike previous campaigns, the attack in Colombia leverages several interesting tactics:

  • it uses the Coronavirus pandemic to lure victims into opening the spam message and running the initial malware;
  • it uses additional payloads hard-coded in images through steganography. The images laced with malware are posted on a popular viral images website to evade blacklists;
  • comes with several anti-reverse-engineering tricks to keep antimalware labs busy.

Privacy impact

By nature, Remote Access Trojans are major security threats as they allow attackers to gain complete control of the victim’s device and data, including access to sensors such as the webcam or microphone.

User credentials or data stored on the system may land in the wrong hands and used further to gain access to other accounts or to blackmail the victim.

Download the whitepaper

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE
9 min read
Debugging MosaicLoader, One Step at a Time Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU
1 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Bitdefender

July 14, 2021

10 min read