Malwarebytes cybersecurity experts find 4 campaigns to spread a RAT with different baits but the same custom malware.
Technical analysis by the Malware Hunter JAMESWT
New aggressive Remcos campaign via DHL. Three different emails in one day with the same xls attachment: the malware itself. The file, if opened, activates the infection chain.
Remcos is hiding inside a fake DHL email about an alleged shipment.
The xls attachment is the malware itself and, if opened, activates the infection chain.
The campaign, however, is very aggressive. In just one day, three different emails arrived, each with a different notification number. The attached file, on the other hand, is always the same.
Remcos is a cybercrime Remote Access Trojan (RAT) with a wide range of features, such as closely monitoring user activity, recording audio and video content, acquiring credentials, stealing digital currency, downloading additional payloads and exfiltrating confidential data while avoiding detection and sandboxes.
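The pattern described above (changing notification numbers, identical xls attachment, same day) can be hunted for at the mail gateway by clustering messages on attachment hash. The following is an added example, not part of the original analysis; the sender address, subjects, dates, file name and attachment bytes are constructed placeholders, and the threshold of three subjects is an assumption taken from the three emails mentioned.

```python
import hashlib
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

def make_sample(subject, date, payload, filename="shipment.xls"):
    """Build a constructed test email with one spreadsheet attachment."""
    msg = EmailMessage()
    msg["From"] = "notify@courier.example"
    msg["Subject"] = subject
    msg["Date"] = date
    msg.set_content("Your parcel notification is attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="vnd.ms-excel", filename=filename)
    return msg.as_bytes()

def attachment_hashes(raw):
    """Return (day, subject, [(filename, sha256)]) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    day = parsedate_to_datetime(msg["Date"]).date()
    hashes = [(part.get_filename(), hashlib.sha256(part.get_content()).hexdigest())
              for part in msg.iter_attachments()]
    return day, str(msg["Subject"]), hashes

def repeated_attachments(raw_messages, min_subjects=3, extensions=(".xls",)):
    """Flag attachment hashes that arrive under several different subjects in one day."""
    seen = defaultdict(set)  # (day, sha256) -> set of subjects
    for raw in raw_messages:
        day, subject, hashes = attachment_hashes(raw)
        for name, digest in hashes:
            if name and name.lower().endswith(extensions):
                seen[(day, digest)].add(subject)
    return {key: sorted(subjects) for key, subjects in seen.items()
            if len(subjects) >= min_subjects}

# Constructed sample data: placeholder bytes stand in for the attachment.
SAME = b"constructed-placeholder-xls-bytes"
SAMPLES = [
    make_sample("DHL notification 1001", "Mon, 01 Jan 2024 08:10:00 +0000", SAME),
    make_sample("DHL notification 1002", "Mon, 01 Jan 2024 11:42:00 +0000", SAME),
    make_sample("DHL notification 1003", "Mon, 01 Jan 2024 16:05:00 +0000", SAME),
    make_sample("Quarterly report", "Mon, 01 Jan 2024 09:00:00 +0000", b"other-file"),
]

if __name__ == "__main__":
    for (day, digest), subjects in repeated_attachments(SAMPLES).items():
        print(day, digest[:16], subjects)
```

Grouping on the attachment hash rather than the subject line is what makes the changing notification numbers irrelevant to the match.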