Remcos RAT Being Distributed to Korean Users
ID: 84b0984d-cb65-5f8d-84f1-2e9743e4357b
STIX ID: report--84b0984d-cb65-5f8d-84f1-2e9743e4357b
Feed Name: ASEC
AhnLab ASEC reports an active Remcos RAT campaign targeting users in South Korea that impersonates gambling 'blocklist lookup' tools and VeraCrypt installers. The actors use multi-stage obfuscated VBS/PowerShell droppers and a .NET injector, which exfiltrates logs via Discord webhooks and injects Remcos into legitimate processes. The report includes configuration examples, Korean-language artifacts, and IOCs (MD5s, URLs, IPs).
