REMCOS RAT campaigns trojanize legitimate Shotcut portable ZIPs by replacing DLLs with malicious loaders. Techniques include shellcode injection, in-memory loaders, and persistent C2 for keylogging and credential theft. #REMCOS #Shotcut #Russia
Latest posts tagged with #REMCOS on Bluesky
A hilariously broken #remcos #rat at:
https://refaccionesalma\\.com\\.mx/cor/ENCRYPTED.ps1
app.any.run/tasks/3ab78a39-ee40-4661...
dumps aspnet_compiler.exe as remcos.exe 😅 Actual exe is fe2dcfff84a13a6ef8835a51a70d8d7b77e98635fbb2524f4fc03b5cb5f9a62a, c2 mrekuro […]
Screenshot from an infected Windows host showing Remcos RAT and how it is persistent.
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at www.malware-traffic-analysis.net/2026/01/06/i...
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack reconbee.com/new-malware-...
#malware #malwarecampaign #Remcos #RAT #windows #windowsattack #cybersecurity #cyberattack
Example of a legitimate but compromised site showing the SmartApeSG fake CAPTCHA page.
HTTPS URLs from the infection run.
Traffic from an infection filtered in Wireshark.
Remcos RAT infection persistent on an infected Windows host.
2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT, with #Remcos #RAT C2 server at 192.144.56[.]80. A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at www.malware-traffic-analysis.net/2026/01/06/i...
Some #remcos in here, c2 179.43.176.6 5eaafdddb567070ed2cca9349b837063d6720e2ddb74f0c8609809059d91d005
Potatocriminals are deploying fileless Remcos attacks, injecting malicious code into RMClient to bypass EDRs and steal credentials. Stay vigilant! #PotatoSecurity #Remcos #EDREvasion #FilelessAttack Link: thedailytechfeed.com/emerging-fil...
Cybercriminals are deploying fileless Remcos attacks, injecting malicious code into RMClient to bypass EDRs and steal credentials. Stay vigilant! #CyberSecurity #Remcos #EDREvasion #FilelessAttack Link: thedailytechfeed.com/emerging-fil...
Been a while since I've seen a bundle:
app.any.run/tasks/854ff7f7-2165-4d69...
#remcos #rat #snakekeylogger
https://api.telegram\\.org/bot8344787963 on the #snakekeylogger
Cybercriminals are exploiting Windows LNK files to deploy REMCOS backdoors, granting full remote control over systems. Stay vigilant and educate users on the risks. #CyberSecurity #Malware #REMCOS Link: thedailytechfeed.com/emerging-cyb...
New malware campaign uses #Windows shortcut files to deliver the #REMCOS backdoor, giving attackers full control over victims' systems.
🔗 hackread.com/attack-windo...
#CyberSecurity #RemcosRAT #Malware #Phishing #InfoSec
CERT-AGID monitors malware campaigns in Italy between July and August: phishing, Remcos, honeypots and evolving cyber protection.
#CERTAgID #Formbook #malware #phishing #Remcos
www.matricedigitale.it/2025/08/02/c...
#Remcos #malware is now at v7.0. No significant changes on the payload side, but improvements to enhance reliability and address bugs based on operator experience have been added.
Samples:
tria.ge/250709-3vxwa...
tria.ge/250710-vba87...
Looks to be distributed via email campaigns from reboundue[.]com emails
New: #Remcos malware is back with stealthy phishing campaigns hitting businesses and schools using tricky path bypass with spoofed and hacked emails.
Details here: hackread.com/remcos-malwa...
#CyberSecurity #malware #Phishing #scam #school
Analysis of the global cyber threat landscape for April 2025, where FakeUpdates took the top spot #FakeUpdates #Remcos #AgentTesla
We have published the threat index for April 2025. With FakeUpdates dominating the top ranks and cyberattacks growing more complex, effective defense strategies are required.
⚠️ Watch out for ZIP and shortcut files on #Windows as attackers are using fake PDF icons to trick users into installing #Remcos trojan and take over computers.
Read: hackread.com/fileless-rem...
#CyberSecurity #Windows #Malware #RemcosRAT
🎯 Remcos RAT campaign zeroes in on CrowdStrike users in Latin America.
Find out how the attack works and how to defend against it.
🔗 wardenshield.com/exploiting-v...
#Remcos #CrowdStrike #cyberattack #latamcybersecurity #vulnerabilityexploitation #remoteaccesstrojan #infosec #wardenshield
Microsoft documents a series of tax-themed phishing attacks that abuse the IRS name to install malware such as Latrodectus, BRc4 and Remcos
#AHKBot #BRc4 #cybercrime #guloader #IRS #Latrodectus #malware #PHISHING #RaccoonO365 #Remcos
www.matricedigitale.it/sicurezza-in...
www.netresec.com/
#NetworkMiner #QUIC #CIP #EtherNet/IP #UMAS #REMCOS #MSS #UPnP #JA3 #JA4 #njRAT
The Russia-backed #Gamaredon group targets Ukraine once again in an ongoing campaign that employs DLL sideloading and exploits LNK files to spread the #Remcos backdoor. Detect related #APT attacks with #Sigma rules from SOC Prime Platform.
buff.ly/5LLvmrp
Cisco Talos uncovers a persistent operation using malicious shortcut files, obfuscated PowerShell and DLL sideloading to infect targets with Remcos
#apt #backdoor #c2 #DLLsideloading #Gamaredon #guerracibernetica #lnk #malware #PHISHING #Powershell #Remcos #talo
www.matricedigitale.it/sicurezza-in...