logo

Remcos RAT Delivered by a Steganographic Loader in Phishing Emails

ID: e822460a-8dc5-5173-8bb7-c2042644d115

STIX ID: report--e822460a-8dc5-5173-8bb7-c2042644d115

Feed Name: securityonline.info

Threat Score
75/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Do Son

...
...

K7 Security Labs identified a phishing campaign targeting Windows users in India that uses an archive attachment and a steganographic .NET loader chain to deliver Remcos RAT entirely in memory; the RAT performs persistence, process hollowing, keylogging, webcam/audio capture, and browser credential theft, and the same loader infrastructure has been observed delivering multiple other malware families.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.