Fileless Remcos RAT Delivered Via LNK Files And MSHTA In PowerShell-Based Attacks - Cybernoz - Cybersecurity News
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. “Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages mshta.exe for proxy execution during the initial stage.” The late…
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques. As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory. “The attackers behind Remcos are evolving their tactics,” said Xiaopeng Zhang, a…


Qualys Announces New PowerShell-based Shellcode Loader Executing Remcos RAT – Global Security Mag Online
The Qualys Threat Research Unit (TRU) announced that they have discovered a new PowerShell-based shellcode loader, designed to load and execute a variant of Remcos RAT. The infection begins with a ZIP archive (new-tax311.ZIP), which contains a malicious LNK file (new-tax311.lnk). When executed, the LNK file triggers an attack, leveraging MSHTA.exe to run an obfuscated PowerShell script. The downloaded PowerShell payload 24.ps1 is heavily obfuscat…