Who:
Entities Involved: Cybercriminals using a variant of Remcos RAT malware in a phishing campaign; Fortinet FortiGuard Labs identified this activity.
What:
Attack Vector: Phishing emails with purchase order themes lure victims into opening a malicious Excel attachment, which exploits an old Office vulnerability (CVE-2017-0199) to deliver Remcos RAT as a fileless payload.
Malware Capabilities: Remcos RAT can remotely control infected systems, collecting sensitive data and issuing commands for activities like file harvesting, process manipulation, registry editing, and enabling cameras or microphones.
Impact:
Security Risks: The fileless nature of Remcos RAT complicates detection, allowing attackers to evade security measures and maintain control over compromised systems. This campaign highlights evolving techniques in malware delivery through commonly used applications, increasing risks for unprotected users.