1 min read

Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign

Janos Gergo SZELES

January 13, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign

In the late summer of 2020, the Bitdefender Active Threat Control team noticed a surge of Remcos malware, with most of the attacks taking place in Colombia. While the malware family has been known for quite a while to cyber-criminals and malware researchers alike, this new campaign captured our attention as it arrived on the victims’ computers via phishing e-mails related to financial services and COVID-19 information.

Malicious use of Remcos dates back to 2017, as this Remote Access Trojan has been largely used by both commercial and advanced threat actors (such as Gorgon or APT33). Unlike previous campaigns, the attack in Colombia leverages several interesting tactics:

  • it uses the Coronavirus pandemic to lure victims into opening the spam message and running the initial malware;
  • it uses additional payloads hard-coded in images through steganography. The images laced with malware are posted on a popular viral images website to evade blacklists;
  • comes with several anti-reverse-engineering tricks to keep antimalware labs busy.

Privacy impact

By nature, Remote Access Trojans are major security threats as they allow attackers to gain complete control of the victim’s device and data, including access to sensors such as the webcam or microphone.

User credentials or data stored on the system may land in the wrong hands and used further to gain access to other accounts or to blackmail the victim.

Download the whitepaper

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Under Siege for Months: the Anatomy of an Industrial Espionage Operation Under Siege for Months: the Anatomy of an Industrial Espionage Operation
Alexandru MAXIMCIUCVictor VRABIE
1 min read
New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read