
Updated Remcos RAT deployed in fileless intrusion

Threat actors have leveraged a new fileless attack technique involving a PowerShell-based loader to covertly compromise targeted systems with an updated iteration of the Remcos RAT malware, according to Infosecurity Magazine.

Intrusions begin with a malicious ZIP archive containing an LNK file disguised as a document; executing it deploys an obfuscated script that evades Windows Defender, establishes persistence through registry modifications, and injects multiple payloads, a report from the Qualys Threat Research Unit revealed. Among the payloads is Remcos V6.0.0 Pro, which retains its predecessors' keystroke logging and browser data theft capabilities and adds improved idle-time tracking, infected-host management, and public IP visibility. "[Remcos RAT] operates in memory, making it hard to catch with security tools. This highlights the importance of monitoring LNK files, MSHTA abuse, registry changes, and unusual PowerShell activity," said Qualys researchers, who recommended PowerShell logging, Antimalware Scan Interface tracking, and robust endpoint detection and response to mitigate the malware promptly.
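The monitoring the researchers call for (MSHTA abuse, unusual PowerShell, registry changes) can be expressed as a few correlated rules over endpoint telemetry. The following is an added example, not code from the Qualys report or SC Media: it runs over constructed Sysmon-style events in an assumed field layout, and the command-line indicators and Run-key location are assumed generic loader traits rather than indicators from the report.

```python
import re

# Constructed sample telemetry in a simplified Sysmon-like shape (assumed layout, not
# events from the report). Events 1 and 5 are benign; 2-4 mimic the described chain:
# shell-launched mshta -> hidden, encoded PowerShell -> Run-key write for persistence.
SAMPLE_EVENTS = [
    {"id": 1, "kind": "process", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe", "cmd": "notepad.exe report.txt"},
    {"id": 2, "kind": "process", "image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Windows\explorer.exe", "cmd": r"mshta.exe C:\Users\u\AppData\Local\Temp\Invoice.hta"},
    {"id": 3, "kind": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\mshta.exe",
     "cmd": "powershell.exe -nop -w hidden -ep bypass -enc SQBFAFgA"},  # constructed, truncated blob
    {"id": 4, "kind": "registry", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 5, "kind": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe", "cmd": "powershell.exe Get-ChildItem"},
]

SCRIPT_HOSTS = ("mshta.exe", "wscript.exe", "cscript.exe")
POWERSHELL = ("powershell.exe", "pwsh.exe")
# Command-line traits common to obfuscated loaders (assumed indicators, not report IoCs).
PS_SUSPICIOUS = re.compile(
    r"-(w|windowstyle)\s+hidden|-e(nc|ncodedcommand)?\s|-ep\s+bypass|-nop\b|\biex\b|downloadstring", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)  # assumed persistence location


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (event id, rule name) pairs for every event matching a rule."""
    findings = []
    for e in events:
        img, parent = basename(e["image"]), basename(e.get("parent", ""))
        if e["kind"] == "process":
            if img in SCRIPT_HOSTS and parent == "explorer.exe":   # user-opened lure (e.g. LNK in ZIP)
                findings.append((e["id"], "mshta_from_explorer"))
            if img in POWERSHELL and parent in SCRIPT_HOSTS:       # script host spawning PowerShell
                findings.append((e["id"], "powershell_child_of_script_host"))
            if img in POWERSHELL and PS_SUSPICIOUS.search(e["cmd"]):
                findings.append((e["id"], "obfuscated_powershell_cmdline"))
        elif e["kind"] == "registry":
            if RUN_KEY.search(e["target"]) and img in POWERSHELL + SCRIPT_HOSTS:
                findings.append((e["id"], "run_key_set_by_script_host"))
    return findings


LOADER_CHAIN = {"powershell_child_of_script_host", "obfuscated_powershell_cmdline", "run_key_set_by_script_host"}


def matches_loader_chain(findings):
    """True when the telemetry shows script host -> PowerShell plus a Run-key write."""
    return LOADER_CHAIN <= {rule for _, rule in findings}
```

Individually each rule is noisy (an admin running an encoded command, a user opening an HTA); the chain check is what separates the fileless loader pattern from one-off hits.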
