The AhnLab Security Intelligence Center (ASEC) discovered that the Remcos RAT malware is being distributed disguised as adult games through webhards in South Korea. The RAT, originally marketed as a legitimate remote administration tool, has evolved into a powerful weapon used by threat actors for unauthorized remote control, surveillance, and data exfiltration.
Diving into details
The infection process begins with the user downloading what appears to be an adult game. However, this is a malicious VBS file that, once executed, connects to a remote server to download Remcos RAT.
This malware then compromises the system, allowing attackers remote access and control.
Subsequently, it attempts to perform additional behaviors by injecting it into ServiceModelReg.exe.
A bit on Remcos RAT
The malware can log keystrokes, steal data, and activate cameras and microphones.
Its multi-functional capabilities pose a significant threat to user privacy and system security, making it a potent tool for compromising and manipulating systems.
The use of common file-sharing platforms for its distribution makes it particularly dangerous, as users might lower their guard on seemingly reliable websites.
The bottom line
This campaign emphasizes the need for heightened vigilance when downloading files from the internet, particularly from file-sharing websites such as webhards. Users are advised to download software only from official and verified sources. Regular updates of antivirus and anti-malware programs can also provide an additional layer of protection against such threats.