Hackread reports that threat actors have begun using malicious Windows shortcut (LNK) files to distribute the Remcos RAT malware as part of a new attack campaign.
Intrusions begin with phishing emails carrying an LNK attachment that, when clicked, executes a PowerShell command that stealthily downloads or decodes a concealed payload, according to a report from Point Wild's Lat61 Threat Intelligence team. The initial PowerShell command is followed by the retrieval of a Base64-encoded payload, which, once decoded, masquerades as a program information file that then launches the Remcos RAT backdoor to enable total system takeover. Aside from enabling keylogging, remote shell creation, and unauthorized file access, Remcos RAT could also allow webcam and microphone compromise for additional espionage, said researchers. Organizations and users have been urged to be wary of shortcut files from untrusted sources and to keep antivirus protections up to date.
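For defenders, the chain described above (shortcut, then PowerShell with a Base64 decode or download, then a program information file) can be hunted in process-creation telemetry. The following is an added example, not code from the Point Wild report or from Hackread: the field names follow Sysmon Event ID 1, and the parent-process list, the command-line patterns, the `.pif` extension check, and the sample events are all assumptions constructed for illustration.

```python
import re

# Assumed heuristics for this example; none of these are indicators from the report.
SHELLS = {"powershell.exe", "pwsh.exe"}
# A double-clicked shortcut is normally launched by the shell or the mail client.
SHORTCUT_PARENTS = {"explorer.exe", "outlook.exe"}
DECODE_OR_FETCH = re.compile(
    r"frombase64string|\s-e(?:nc?|nco\w*)?\s|downloadstring|downloadfile"
    r"|invoke-webrequest|\biwr\b|\biex\b",
    re.IGNORECASE,
)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the reasons a process-creation event matches the described chain."""
    image = basename(event["Image"])
    parent = basename(event["ParentImage"])
    reasons = []
    if (image in SHELLS and parent in SHORTCUT_PARENTS
            and DECODE_OR_FETCH.search(event["CommandLine"])):
        reasons.append("PowerShell started from a user click with decode/download arguments")
    if image.endswith(".pif"):
        reasons.append("process image is a program information file (.pif)")
    return reasons

def scan(events):
    """Return (index, reasons) for every event with at least one match."""
    hits = [(i, triage(e)) for i, e in enumerate(events)]
    return [(i, r) for i, r in hits if r]

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -NoProfile -Command "... [Convert]::FromBase64String(...) ..."'},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Users\user\AppData\Local\Temp\invoice.pif",
     "CommandLine": r"C:\Users\user\AppData\Local\Temp\invoice.pif"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(index, "; ".join(reasons))
```

Either rule alone will produce false positives in environments where administrators launch PowerShell interactively, so matches are best treated as triage leads and correlated with the originating email or archive.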



