Article Details
Scrape Timestamp (UTC): 2024-01-16 13:26:10.281
Source: https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html
Original Article Text
Remcos RAT Spreading Through Adult Games in New Attack Wave

The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea.

WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country.

While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the AhnLab Security Emergency Response Center's (ASEC) latest analysis shows that the technique has been adopted to distribute Remcos RAT.

In these attacks, users are tricked into opening booby-trapped files by passing them off as adult games, which, when launched, execute malicious Visual Basic scripts in order to run an intermediate binary named "ffmpeg.exe." This results in the retrieval of Remcos RAT from an actor-controlled server.

A sophisticated RAT, Remcos (aka Remote Control and Surveillance) facilitates unauthorized remote control and surveillance of compromised hosts, enabling threat actors to exfiltrate sensitive data. This malware, although originally marketed by Germany-based firm Breaking Security in 2016 as a bona fide remote administration tool, has metamorphosed into a potent weapon wielded by adversaries to infiltrate systems and establish unfettered control.

"Remcos RAT has evolved into a malicious tool employed by threat actors across various campaigns," Cyfirma noted in an analysis in August 2023. "The malware's multifunctional capabilities, including keylogging, audio recording, screenshot capture, and more, highlight its potential to compromise user privacy, exfiltrate sensitive data, and manipulate systems. The RAT's ability to disable User Account Control (UAC) and establish persistence further amplifies its potential impact."
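The infection chain described above (a Visual Basic script launching an intermediate "ffmpeg.exe" that then fetches the RAT) leaves a recognisable parent/child trace in process-creation telemetry. The following detection logic is an added example, not code from the article or from ASEC; it assumes the script runs under the Windows Script Host (wscript.exe or cscript.exe) and uses Sysmon Event ID 1 field names over constructed, made-up sample records.

```python
import json
from typing import List, Optional, Tuple

# Constructed Sysmon-style process-creation records (Event ID 1 field names,
# made-up values). The first line models the chain in the article: a VBS run by
# the Windows Script Host launching ffmpeg.exe from a user-writable folder.
SAMPLE_EVENTS = r"""
{"ProcessId": 4120, "Image": "C:\\Users\\kim\\Downloads\\game\\ffmpeg.exe", "ParentImage": "C:\\Windows\\System32\\wscript.exe"}
{"ProcessId": 4188, "Image": "C:\\Program Files\\ffmpeg\\bin\\ffmpeg.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"ProcessId": 4201, "Image": "C:\\Users\\kim\\AppData\\Local\\Temp\\updater.exe", "ParentImage": "C:\\Windows\\System32\\cscript.exe"}
{"ProcessId": 4233, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\System32\\wscript.exe"}
"""

# wscript.exe / cscript.exe are the Windows Script Host binaries that run .vbs files
# (assumed launch path for the "Visual Basic scripts" named in the article).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
INTERMEDIATE_BINARY = "ffmpeg.exe"  # name of the intermediate stage reported by ASEC
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(event: dict) -> Optional[str]:
    """Return 'high', 'medium' or None for one process-creation event."""
    if basename(event["ParentImage"]) not in SCRIPT_HOSTS:
        return None  # only children of a script host are of interest here
    image = event["Image"].lower()
    if basename(image) == INTERMEDIATE_BINARY:
        return "high"  # script host spawning the campaign's intermediate binary
    if any(marker in image for marker in USER_WRITABLE_MARKERS):
        return "medium"  # script host spawning any executable from a user-writable path
    return None

def find_suspicious(jsonl: str) -> List[Tuple[int, str]]:
    """Scan JSON-lines events and return (ProcessId, severity) for each hit."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        severity = classify(event)
        if severity:
            hits.append((event["ProcessId"], severity))
    return hits

if __name__ == "__main__":
    for pid, severity in find_suspicious(SAMPLE_EVENTS):
        print(f"pid={pid} severity={severity}")
```

The "medium" tier catches a renamed intermediate stage that the file-name match alone would miss, at the cost of also flagging legitimate scripts that launch installers from a user profile.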
Daily Brief Summary
Remcos RAT, a sophisticated remote access trojan, is being spread through fake adult-themed games in South Korea.
The malware distribution leverages WebHard platforms, commonly used for file storage and sharing in the country.
Attackers trick users into downloading and executing booby-trapped files, which then deploy the Remcos RAT from a remote server.
Originally designed as a legitimate administration tool, Remcos has evolved into a tool for unauthorized surveillance and data exfiltration.
Features of Remcos include keylogging, audio recording, and the ability to bypass user account control (UAC) for persistence.
Breaking Security, a Germany-based firm, initially marketed Remcos as a benign tool, but it has since been adapted for malicious use by threat actors.