New malware campaigns using phishing emails with REMCOS RAT executables
A new malware campaign delivered by email has recently been reported. The malware is distributed through messages that carry Excel file attachments.
The spam email reportedly exploits an Equation Editor vulnerability, which causes the system to download and execute the Remcos RAT.
Malwarebytes Threat Intelligence recently reported this spam email in a tweet.
Spam email -> Contains Excel file -> Exploits Equation Editor vulnerability to download and execute the Remcos Rat.
➡️ Attachment:
2438fdb2d941332dd1ca6be595a1117e
761 CTNS GD COPY.xlsx
➡️ Download URL:
http://79.110.62.213/HXX.exe
— Malwarebytes Threat Intelligence (@MBThreatIntel) August 24, 2022
As of now, it is unknown how many users have been victimized through this campaign. There have not been any official claims by any threat actors regarding it.
Remcos, also known as Remote Control and Surveillance, is marketed by the Germany-based firm Breaking Security as legitimate software for remotely managing Windows systems. At present it is widely used by threat actors in malicious campaigns.
Remcos is a RAT (remote access Trojan) that can be used to gain full control over, and to monitor, any Windows computer from XP onwards.
Threat actors mostly deliver it through phishing emails. They attach PDFs, Excel sheets and other such documents, which in reality include executables for the REMCOS RAT.
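For mail-gateway triage of the Excel-to-Equation-Editor chain described above, the following added example (not code from Malwarebytes or from the original article) flags spreadsheet attachments that embed an Equation Editor object. The function names, the part-size limit and the sample workbook are assumptions made for illustration; the sample is constructed and contains marker bytes only.

```python
import io
import zipfile

# Equation Editor 3.0 CLSID {0002CE02-0000-0000-C000-000000000046} in the
# little-endian byte layout used inside OLE compound files.
EQUATION_CLSID = bytes.fromhex("02ce020000000000c000000000000046")
MARKERS = {
    "equation-clsid": EQUATION_CLSID,
    "equation-native-stream": "Equation Native".encode("utf-16-le"),
    "equation-progid": b"Equation.3",
}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
MAX_PART = 20 * 1024 * 1024  # assumed limit: skip oversized parts (zip-bomb guard)


def match(blob: bytes) -> list[str]:
    return sorted(label for label, needle in MARKERS.items() if needle in blob)


def scan_attachment(data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means no indicator."""
    if data.startswith(OLE_MAGIC):
        # Not a ZIP: legacy .xls or encrypted OOXML; match on the raw bytes instead.
        return ["ole-container"] + match(data)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not-a-spreadsheet-container"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_PART:
                findings.append(f"{info.filename}:oversized-part")
                continue
            findings += [f"{info.filename}:{m}" for m in match(zf.read(info))]
    return findings


def build_sample(with_equation: bool) -> bytes:
    """Constructed, inert test workbook: marker bytes only, no exploit content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_equation:
            zf.writestr("xl/worksheets/sheet1.xml", '<oleObject progId="Equation.3"/>')
            zf.writestr("xl/embeddings/oleObject1.bin", OLE_MAGIC + b"\0" * 72 + EQUATION_CLSID)
    return buf.getvalue()


if __name__ == "__main__":
    print([scan_attachment(build_sample(flag)) for flag in (False, True)])
```

A finding means an Equation Editor object is present, not that it is malicious; treat it as a reason to quarantine the attachment for analysis.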