ESET cybersecurity experts: It’s a banking trojan that has already targeted users in Poland by impersonating Bolt Food. Goal: to steal banking and cryptocurrency credentials.
Technical analysis by the Malware Hunter JAMESWT
New RemcosRAT campaign via DHL. The tar attachment in the email contains the malware itself. If opened, it activates the infection chain.
A fake DHL shipment notice delivers a new global RemcosRAT campaign.
The tar archive attached to the email contains an executable file, which is the malware itself. Opening it activates the infection chain. Remcos is a Remote Access Trojan (RAT) used in cybercrime, with a wide range of features: close monitoring of user activity, recording of audio and video content, credential theft, digital currency theft, downloading of additional payloads, and exfiltration of confidential data, all while evading detection and sandboxes.
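The delivery pattern described above, a tar attachment that holds an executable, can be checked at the mail gateway before a user ever opens the archive. The following is an added example, not part of the original analysis: the function names, the extension list, and the sample message (a harmless stub that only begins with the `MZ` header bytes) are all constructed for illustration.

```python
import io
import tarfile
from email import message_from_bytes
from email.message import EmailMessage
# Extensions treated as Windows executables (assumed list, extend as needed).
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def executable_members(archive_bytes):
    """Return names of tar members that look like Windows executables."""
    hits = []
    try:
        # "r:*" also handles gzip/bzip2/xz-compressed tar archives.
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                handle = tar.extractfile(member)   # reads in memory, nothing hits disk
                magic = handle.read(2) if handle else b""
                # Flag by PE/DOS magic bytes or by file extension.
                if magic == b"MZ" or member.name.lower().endswith(EXEC_EXTENSIONS):
                    hits.append(member.name)
    except tarfile.TarError:
        return []  # attachment is not a readable tar archive
    return hits

def scan_message(raw_message):
    """Map each attachment name to the executables found inside it."""
    findings = {}
    for part in message_from_bytes(raw_message).walk():
        name, payload = part.get_filename(), part.get_payload(decode=True)
        if not name or payload is None:
            continue  # multipart containers and body text carry no attachment
        hits = executable_members(payload)
        if hits:
            findings[name] = hits
    return findings

def build_sample():
    """Constructed message: a tar holding a harmless stub that starts with 'MZ'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for fname, data in (("shipment_details.exe", b"MZ" + b"\x00" * 62),
                            ("readme.txt", b"constructed sample")):
            info = tarfile.TarInfo(fname)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="x-tar", filename="shipment.tar")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns the attachment name mapped to the flagged member; a non-empty result is a reasonable trigger for quarantine, since shipping notifications have no legitimate reason to carry executables inside archives.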