Wordfence cybersecurity researchers: The versions involved are up to, and including, 0.3.11. The issue has been completely fixed in 0.3.12.
The “Hesap hareketleriniz” email delivers Remcos. A new zipped attachment contains an exe, the malware itself, while the text and C2s do not change from previous campaign waves.
The “Hesap hareketleriniz” email is the latest bait of the Garanti BBVA-themed Remcos campaign.
A new zipped attachment contains an exe, the malware itself, while the text and C2s are unchanged from previous campaign waves. Remcos is a cybercrime Remote Access Trojan (RAT), mainly associated with courier-themed phishing campaigns. It has a wide range of functions, such as closely monitoring user activities, recording audio and video content, capturing credentials, stealing digital currency, downloading additional payloads, and exfiltrating confidential data while avoiding detection and sandboxes.
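The delivery pattern described above (an exe inside a zipped mail attachment) can be checked at a mail gateway or during triage. The following is an added example, not code from the article or its researchers: the function names, the extension blocklist and the sample message are assumptions constructed for illustration, and only the subject line comes from the article.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed blocklist, adjust to policy

def zipped_executables(raw_email: bytes) -> list:
    """Return names of ZIP-attachment entries that look like Windows executables."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                by_name = info.filename.lower().endswith(EXEC_EXTS)
                by_magic = False
                if not info.flag_bits & 0x1:  # entry not encrypted, content readable
                    with zf.open(info) as fh:
                        by_magic = fh.read(2) == b"MZ"  # DOS/PE header magic
                if by_name or by_magic:
                    hits.append(info.filename)
    return hits

def build_sample(with_exe: bool = True) -> bytes:
    """Constructed test message; only the subject line is taken from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"constructed benign entry")
        if with_exe:
            zf.writestr("constructed_sample.exe", b"MZ" + b"\x00" * 62)
            zf.writestr("renamed.dat", b"MZ" + b"\x00" * 62)  # extension disguised
    msg = EmailMessage()
    msg["Subject"] = "Hesap hareketleriniz"
    msg.set_content("constructed body text")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(zipped_executables(build_sample()))
```

Entries in password-protected archives are judged by file name only, because their content cannot be read without the password.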