Stealthy Remcos RAT Campaign Utilizes Obfuscated Scripts in Phishing Attack

Severity: High (Score: 65.0)

Sources: Cybersecuritynews, Gbhackers

Summary

A new Remcos RAT campaign has been identified, employing obfuscated scripts and trusted Windows binaries to execute a largely fileless infection chain. The attack initiates through a phishing email containing a ZIP archive named 'MV MERKET COOPER SPECIFICATION.zip', which mimics a legitimate business document to deceive users. This multi-stage attack does not rely on a single malicious file, making it more challenging for traditional defenses to detect. The infection runs almost entirely in memory, further complicating remediation efforts. Organizations utilizing Windows systems are particularly at risk due to the use of trusted binaries. The campaign highlights the evolving tactics of cybercriminals who are increasingly adept at evading detection. Current status indicates ongoing investigations into the scope and impact of the attack. No specific numbers or CVEs were mentioned in the articles.

Key Points:

  • Remcos RAT campaign utilizes obfuscated scripts and trusted Windows tools.
  • Attack begins with a phishing email containing a deceptive ZIP file.
  • Infection chain operates largely in memory, evading traditional defenses.

Key Entities

  • Malware (attack_type)
  • Phishing (attack_type)
  • Remcos RAT Campaign (campaign)
  • Remcos RAT (malware)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Windows (platform)