New Remcos RAT campaign aimed at South Korea uncovered

GBHackers News reports that intrusions spreading the Remcos RAT malware via illegal online gambling-linked tools and counterfeit VeraCrypt installers have been launched against South Korean users.

Attackers have leveraged Telegram and web browsers to target users and operators of illegal sports-betting and casino sites with the "Blocklist User DB Lookup *****Club" program, whose executable includes a pair of malicious VBS scripts that facilitate Remcos RAT delivery, a report from the AhnLab Security Intelligence Center showed. Attackers have also used trojanized installers for the VeraCrypt disk encryption tool to trigger a multi-stage attack chain leading to the decryption of Remcos RAT.

Aside from enabling remote command execution, file management, and process control, Remcos RAT also allows screenshot capture, webcam and microphone surveillance, keylogging, clipboard monitoring, and compromise of data stored in browsers and apps. Organizations and users have been warned against downloading installers from unofficial sources to mitigate potential compromise.
