The Persistent Danger of Remcos RAT

From initial infection to persistent control, the Remcos RAT campaign exemplifies the evolving nature of cyber threats and the need for proactive defense measures.
This ecosystem is supported by a diverse array of servers that function as command and control centres, orchestrating the distribution of Remcos RAT and various other malicious files to compromised systems.
Remcos RAT is a type of remote access Trojan that facilitates unauthorized remote control and surveillance of compromised systems.
Remcos RAT is typically spread through malicious attachments, drive-by downloads, or social engineering tactics.
Despite the security company's assertion that access is restricted to lawful intentions, Remcos RAT has now become a commonly employed tool in various malicious campaigns conducted by threat actors.
This IP hosts malicious files, including a .bat script and the Remcos RAT binary.
Our OSINT research reveals a surge in IPs delivering Remcos RAT payloads over the past two months, with fresh IPs detected even in the current month.
Our research team identified several IPs hosting Remcos RAT, believed to be part of campaigns in which numerous IPs host Remcos RAT and other malicious files.
According to the OSINT investigation, IPs and URLs hosting Remcos RAT and delivering such payloads to infected machines are constantly reported by independent researchers, and such discoveries increased in the past two months.
The following are several URLs/IPs, identified through OSINT investigation, that host Remcos RAT, GuLoader and other malicious files.
Below are a few screenshots of the malicious IPs hosting several malicious files, including Remcos RAT, for a multistage attack.
An .exe file (possibly Remcos RAT) and a second .zip file.
A .bat file, possibly containing a script to download and execute Remcos RAT from this IP. The infection has many stages and depends largely on the C2 server, which stores the required files for each stage.
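Defender-side detection for the staged delivery just described, as an added example that is not part of the original report: it scans web-proxy log lines (constructed sample data, with placeholder addresses from the documentation range) for a client that fetches a .bat from a bare-IP URL and then a binary or archive from the same IP within a short window.

```python
"""Flag the .bat-then-binary download chain in proxy logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log: timestamp client method url status.
# 203.0.113.0/24 is documentation address space, used here as a placeholder.
SAMPLE_LOGS = """\
2023-12-20T10:01:05Z 10.0.0.5 GET http://203.0.113.7/a.bat 200
2023-12-20T10:01:09Z 10.0.0.5 GET http://203.0.113.7/update.exe 200
2023-12-20T10:01:12Z 10.0.0.5 GET http://203.0.113.7/archive.zip 200
2023-12-20T10:05:00Z 10.0.0.9 GET http://example.com/setup.exe 200
2023-12-20T11:30:00Z 10.0.0.12 GET http://203.0.113.7/a.bat 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Only URLs whose host is a bare IPv4 address, as in the hosting described above.
BARE_IP_URL = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/(.*)$")
STAGE_EXT = {"bat": "script", "exe": "binary", "zip": "archive"}


def parse_line(line):
    """Return a dict for a bare-IP download line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, status = m.groups()
    u = BARE_IP_URL.match(url)
    if not u:
        return None
    path = u.group(2)
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client, "ip": u.group(1), "ext": ext, "status": int(status)}


def find_staged_downloads(log_text, window=timedelta(minutes=5)):
    """Return (client, ip, stages) for each client that pulled a .bat from a
    bare IP and then a binary/archive from the same IP within `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 200 and rec["ext"] in STAGE_EXT:
            events[(rec["client"], rec["ip"])].append(rec)
    findings = []
    for (client, ip), recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):
            if first["ext"] != "bat":
                continue
            later = [r for r in recs[i + 1:]
                     if r["ext"] != "bat" and r["ts"] - first["ts"] <= window]
            if later:  # script stage followed by at least one payload stage
                findings.append((client, ip, ["script"] + [STAGE_EXT[r["ext"]] for r in later]))
                break
    return findings
```

Only successful (200) fetches count, so the 404 from 10.0.0.12 and the domain-hosted installer fetched by 10.0.0.9 are not flagged.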
From an external threat landscape management perspective, the proliferation of numerous IP addresses and infrastructure hosting the Remcos RAT and other malicious files raises significant concerns due to their dynamic role as command and control servers for distributing and downloading malicious payloads.
This report sheds light on the multifaceted, persistent threat posed by the Remcos Remote Access Trojan.
Operating since 2016, Remcos RAT has evolved into a malicious tool employed by threat actors across various campaigns.
Our investigation into the ongoing Remcos RAT hosting on servers across the globe emphasizes its adaptability and evasion tactics.
The discovery of multiple IPs hosting the Remcos RAT underscores the widespread reach of this threat: these IPs serve as conduits for delivering malicious payloads, and the dynamic nature of the infrastructure presents an intricate challenge for mitigation efforts.
Implement robust endpoint security solutions that include advanced threat detection and prevention mechanisms to identify and block malicious activities associated with RATs like Remcos.
Stay updated on the latest threat intelligence reports and indicators of compromise related to Remcos and similar RATs to proactively identify potential threats.


This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sun, 24 Dec 2023 06:13:06 +0000

