#remcos — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #remcos, aggregated by home.social.
-
Viewing #remcos alerts from FlowCarp in @ish's #EveBox
https://netresec.com/?b=2659fc0 -
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
Pulse ID: 69fc18195fe7d237ecac39b2
Pulse Link: https://otx.alienvault.com/pulse/69fc18195fe7d237ecac39b2
Pulse Author: Tr1sa111
Created: 2026-05-07 04:42:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Remcos #RemcosRAT #bot #Tr1sa111
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
Pulse ID: 69fc18195fe7d237ecac39b2
Pulse Link: https://otx.alienvault.com/pulse/69fc18195fe7d237ecac39b2
Pulse Author: Tr1sa111
Created: 2026-05-07 04:42:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Remcos #RemcosRAT #bot #Tr1sa111
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
Pulse ID: 69fc18195fe7d237ecac39b2
Pulse Link: https://otx.alienvault.com/pulse/69fc18195fe7d237ecac39b2
Pulse Author: Tr1sa111
Created: 2026-05-07 04:42:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Remcos #RemcosRAT #bot #Tr1sa111
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
Pulse ID: 69fc18195fe7d237ecac39b2
Pulse Link: https://otx.alienvault.com/pulse/69fc18195fe7d237ecac39b2
Pulse Author: Tr1sa111
Created: 2026-05-07 04:42:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Remcos #RemcosRAT #bot #Tr1sa111
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
Pulse ID: 69fc18195fe7d237ecac39b2
Pulse Link: https://otx.alienvault.com/pulse/69fc18195fe7d237ecac39b2
Pulse Author: Tr1sa111
Created: 2026-05-07 04:42:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Remcos #RemcosRAT #bot #Tr1sa111
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.
Pulse ID: 69fa3aacdd4e111bac9bad11
Pulse Link: https://otx.alienvault.com/pulse/69fa3aacdd4e111bac9bad11
Pulse Author: AlienVault
Created: 2026-05-05 18:45:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Linux #Mac #MacOS #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Remcos #RemcosRAT #Rust #SSH #Windows #bot #cryptocurrency #developers #AlienVault
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.
Pulse ID: 69fa3aacdd4e111bac9bad11
Pulse Link: https://otx.alienvault.com/pulse/69fa3aacdd4e111bac9bad11
Pulse Author: AlienVault
Created: 2026-05-05 18:45:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Linux #Mac #MacOS #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Remcos #RemcosRAT #Rust #SSH #Windows #bot #cryptocurrency #developers #AlienVault
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.
Pulse ID: 69fa3aacdd4e111bac9bad11
Pulse Link: https://otx.alienvault.com/pulse/69fa3aacdd4e111bac9bad11
Pulse Author: AlienVault
Created: 2026-05-05 18:45:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Linux #Mac #MacOS #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Remcos #RemcosRAT #Rust #SSH #Windows #bot #cryptocurrency #developers #AlienVault
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.
Pulse ID: 69fa3aacdd4e111bac9bad11
Pulse Link: https://otx.alienvault.com/pulse/69fa3aacdd4e111bac9bad11
Pulse Author: AlienVault
Created: 2026-05-05 18:45:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Linux #Mac #MacOS #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Remcos #RemcosRAT #Rust #SSH #Windows #bot #cryptocurrency #developers #AlienVault
-
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.
Pulse ID: 69fa3aacdd4e111bac9bad11
Pulse Link: https://otx.alienvault.com/pulse/69fa3aacdd4e111bac9bad11
Pulse Author: AlienVault
Created: 2026-05-05 18:45:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Linux #Mac #MacOS #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Remcos #RemcosRAT #Rust #SSH #Windows #bot #cryptocurrency #developers #AlienVault
-
-
When your #malspam threat actor forgets to properly configure their #remcos ....ya "Juniorer" indeed 🤣
https://app.any.run/tasks/1ff77354-94ca-4d30-b6f7-a86aff32e1af
-
When your #malspam threat actor forgets to properly configure their #remcos ....ya "Juniorer" indeed 🤣
https://app.any.run/tasks/1ff77354-94ca-4d30-b6f7-a86aff32e1af
-
When your #malspam threat actor forgets to properly configure their #remcos ....ya "Juniorer" indeed 🤣
https://app.any.run/tasks/1ff77354-94ca-4d30-b6f7-a86aff32e1af
-
When your #malspam threat actor forgets to properly configure their #remcos ....ya "Juniorer" indeed 🤣
https://app.any.run/tasks/1ff77354-94ca-4d30-b6f7-a86aff32e1af
-
When your #malspam threat actor forgets to properly configure their #remcos ....ya "Juniorer" indeed 🤣
https://app.any.run/tasks/1ff77354-94ca-4d30-b6f7-a86aff32e1af
-
March 2026 Phishing Email Trends Report
In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were common distribution methods. Document-based threats utilized PDF (13%), XLS (5%), and DOCX (2%) files. Attackers impersonated courier services like FedEx and DHL, as well as financial institutions including Hana Bank and Woori Bank. Distribution methods included HTML scripts and PDF hyperlinks leading to credential-stealing pages. Notable malware families included RemcosRAT and AgentTesla, with command-and-control infrastructure utilizing Telegram API tokens and external mail servers for data exfiltration.
Pulse ID: 69e8738326fb86b891dd3c1f
Pulse Link: https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f
Pulse Author: AlienVault
Created: 2026-04-22 07:06:43Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Email #HTML #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #Remcos #RemcosRAT #Telegram #Tesla #Trojan #ZIP #bot #AlienVault
-
March 2026 Phishing Email Trends Report
In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were common distribution methods. Document-based threats utilized PDF (13%), XLS (5%), and DOCX (2%) files. Attackers impersonated courier services like FedEx and DHL, as well as financial institutions including Hana Bank and Woori Bank. Distribution methods included HTML scripts and PDF hyperlinks leading to credential-stealing pages. Notable malware families included RemcosRAT and AgentTesla, with command-and-control infrastructure utilizing Telegram API tokens and external mail servers for data exfiltration.
Pulse ID: 69e8738326fb86b891dd3c1f
Pulse Link: https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f
Pulse Author: AlienVault
Created: 2026-04-22 07:06:43Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Email #HTML #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #Remcos #RemcosRAT #Telegram #Tesla #Trojan #ZIP #bot #AlienVault
-
March 2026 Phishing Email Trends Report
In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were common distribution methods. Document-based threats utilized PDF (13%), XLS (5%), and DOCX (2%) files. Attackers impersonated courier services like FedEx and DHL, as well as financial institutions including Hana Bank and Woori Bank. Distribution methods included HTML scripts and PDF hyperlinks leading to credential-stealing pages. Notable malware families included RemcosRAT and AgentTesla, with command-and-control infrastructure utilizing Telegram API tokens and external mail servers for data exfiltration.
Pulse ID: 69e8738326fb86b891dd3c1f
Pulse Link: https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f
Pulse Author: AlienVault
Created: 2026-04-22 07:06:43Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Email #HTML #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #Remcos #RemcosRAT #Telegram #Tesla #Trojan #ZIP #bot #AlienVault
-
March 2026 Phishing Email Trends Report
In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were common distribution methods. Document-based threats utilized PDF (13%), XLS (5%), and DOCX (2%) files. Attackers impersonated courier services like FedEx and DHL, as well as financial institutions including Hana Bank and Woori Bank. Distribution methods included HTML scripts and PDF hyperlinks leading to credential-stealing pages. Notable malware families included RemcosRAT and AgentTesla, with command-and-control infrastructure utilizing Telegram API tokens and external mail servers for data exfiltration.
Pulse ID: 69e8738326fb86b891dd3c1f
Pulse Link: https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f
Pulse Author: AlienVault
Created: 2026-04-22 07:06:43Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Email #HTML #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #Remcos #RemcosRAT #Telegram #Tesla #Trojan #ZIP #bot #AlienVault
-
March 2026 Phishing Email Trends Report
In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were common distribution methods. Document-based threats utilized PDF (13%), XLS (5%), and DOCX (2%) files. Attackers impersonated courier services like FedEx and DHL, as well as financial institutions including Hana Bank and Woori Bank. Distribution methods included HTML scripts and PDF hyperlinks leading to credential-stealing pages. Notable malware families included RemcosRAT and AgentTesla, with command-and-control infrastructure utilizing Telegram API tokens and external mail servers for data exfiltration.
Pulse ID: 69e8738326fb86b891dd3c1f
Pulse Link: https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f
Pulse Author: AlienVault
Created: 2026-04-22 07:06:43Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Email #HTML #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #Remcos #RemcosRAT #Telegram #Tesla #Trojan #ZIP #bot #AlienVault
-
ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826
-
ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826
-
ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826
-
ISC diary: #SmartApeSG campaign uses #ClickFix page to push #Remcos #RAT (#RemcosRAT) https://isc.sans.edu/diary/32796
-
ISC diary: #SmartApeSG campaign uses #ClickFix page to push #Remcos #RAT (#RemcosRAT) https://isc.sans.edu/diary/32796
-
ISC diary: #SmartApeSG campaign uses #ClickFix page to push #Remcos #RAT (#RemcosRAT) https://isc.sans.edu/diary/32796
-
A hilariously broken #remcos #rat at:
https://refaccionesalma\.com\.mx/cor/ENCRYPTED.ps1
https://app.any.run/tasks/3ab78a39-ee40-4661-9171-bc918f18b432
dumps aspnet_compiler.exe as remcos.exe 😅 Actual exe is fe2dcfff84a13a6ef8835a51a70d8d7b77e98635fbb2524f4fc03b5cb5f9a62a, c2 mrekuro.hopto\.org:5675
-
#xworm dropping #originlogger , and reusing #remcos c2:
https://app.any.run/tasks/9e32da84-ba55-4ac9-96f2-b7ff02d15d6b
-
#xworm dropping #originlogger , and reusing #remcos c2:
https://app.any.run/tasks/9e32da84-ba55-4ac9-96f2-b7ff02d15d6b
-
#xworm dropping #originlogger , and reusing #remcos c2:
https://app.any.run/tasks/9e32da84-ba55-4ac9-96f2-b7ff02d15d6b
-
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html
Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.
-
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html
Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.
-
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html
Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.
-
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html
Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.
-
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html
Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.
-
2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT.
The #Remcos #RAT C2 server is at 192.144.56[.]80.
A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
-
2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT.
The #Remcos #RAT C2 server is at 192.144.56[.]80.
A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
-
2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT.
The #Remcos #RAT C2 server is at 192.144.56[.]80.
A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
-
2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT.
The #Remcos #RAT C2 server is at 192.144.56[.]80.
A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
-
2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT.
The #Remcos #RAT C2 server is at 192.144.56[.]80.
A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
-
Some #remcos in here, c2 179.43.176.6 5eaafdddb567070ed2cca9349b837063d6720e2ddb74f0c8609809059d91d005
-
Fileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDR https://gbhackers.com/fileless-remcos-attacks/ #CyberSecurityNews #cybersecurity #Remcos
-
Been a while since I've seen a bundle:
https://app.any.run/tasks/854ff7f7-2165-4d69-8390-cd374c19b570
https://api.telegram\.org/bot8344787963 on the #snakekeylogger
-
New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor – Source:hackread.com https://ciso2ciso.com/new-attack-uses-windows-shortcut-files-to-install-remcos-backdoor-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttack #PowerShell #backdoor #Hackread #security #malware #Windows #Remcos #RAT
-
New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor https://hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/ #Cybersecurity #CyberAttack #PowerShell #Security #backdoor #Malware #Windows #Remcos #RAT
-
New malware campaign uses #Windows shortcut files to deliver the #REMCOS backdoor, giving attackers full control over victims' systems.
🔗 https://hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/
-
New malware campaign uses #Windows shortcut files to deliver the #REMCOS backdoor, giving attackers full control over victims' systems.
🔗 https://hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/
-
New malware campaign uses #Windows shortcut files to deliver the #REMCOS backdoor, giving attackers full control over victims' systems.
🔗 https://hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/