Widely exploited Remcos RAT malware has gained a new variant that integrates real-time surveillance and keystroke transmission capabilities, as well as increased stealth, via modular DLL plugins and encrypted command-and-control channels, Infosecurity Magazine reports.

Aside from enabling live webcam streaming through a module retrieved and executed only when instructed, the updated Remcos RAT version also decrypts its encrypted C2 configuration only in memory, while using dynamic API resolution to prevent analysis, according to an analysis from Point Wild's Lat61 Threat Intelligence Team. The new variant achieves additional stealth by deleting screenshots, audio recordings, keylogging files, browser cookies, and persistence-linked registry entries, and by creating a temporary Visual Basic script that enables the removal of proprietary files, prior to its termination.

"The latest Remcos variants demonstrate a continued evolution in both stealth and functionality. Overall, the persistence of Remcos and the steady refinement of its techniques highlight its ongoing effectiveness as a remote access trojan," said researchers.



