Remcos RAT Delivered by a Steganographic Loader in Phishing Emails
ID: e822460a-8dc5-5173-8bb7-c2042644d115
STIX ID: report--e822460a-8dc5-5173-8bb7-c2042644d115
Feed Name: securityonline.info
Threat Score
K7 Security Labs identified a phishing campaign targeting Windows users in India that uses an archive attachment and a steganographic .NET loader chain to deliver Remcos RAT entirely in memory; the RAT performs persistence, process hollowing, keylogging, webcam/audio capture, and browser credential theft, and the same loader infrastructure has been observed delivering multiple other malware families.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
