1 min read

Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign

Janos Gergo SZELES

January 13, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign

In the late summer of 2020, the Bitdefender Active Threat Control team noticed a surge of Remcos malware, with most of the attacks taking place in Colombia. While the malware family has been known for quite a while to cyber-criminals and malware researchers alike, this new campaign captured our attention as it arrived on the victims’ computers via phishing e-mails related to financial services and COVID-19 information.

Malicious use of Remcos dates back to 2017, as this Remote Access Trojan has been largely used by both commercial and advanced threat actors (such as Gorgon or APT33). Unlike previous campaigns, the attack in Colombia leverages several interesting tactics:

  • it uses the Coronavirus pandemic to lure victims into opening the spam message and running the initial malware;
  • it uses additional payloads hard-coded in images through steganography. The images laced with malware are posted on a popular viral images website to evade blacklists;
  • comes with several anti-reverse-engineering tricks to keep antimalware labs busy.

Privacy impact

By nature, Remote Access Trojans are major security threats as they allow attackers to gain complete control of the victim’s device and data, including access to sensors such as the webcam or microphone.

User credentials or data stored on the system may land in the wrong hands and used further to gain access to other accounts or to blackmail the victim.

Download the whitepaper

tags


Author



Right now

Top posts

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

December 06, 2022

1 min read
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

October 05, 2022

1 min read
A Red Team Perspective on the Device42 Asset Management Appliance

A Red Team Perspective on the Device42 Asset Management Appliance

August 10, 2022

1 min read
Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

EyeSpy - Iranian Spyware Delivered in VPN Installers EyeSpy - Iranian Spyware Delivered in VPN Installers
Janos Gergo SZELESBogdan BOTEZATU
2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Bitdefender

January 05, 2023

1 min read
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
Adrian SCHIPORVictor VRABIE
1 min read