Cybersecurity researchers have discovered a new phishing campaign spreading a fileless variant of Remcos RAT, which enables attackers to control victims’ computers and extract sensitive data.
'The malicious Excel document exploits a known remote code execution flaw in Office to download a hidden HTA file that ultimately executes the Remcos RAT,' Zhang explained.
'Rather than saving the Remcos file into a local file and running it, it directly deploys Remcos in the current process's memory,' providing a stealthy means of operation.
Remcos RAT, initially a legitimate tool, has been abused by threat actors for data harvesting and remote command execution, posing significant cybersecurity risks.