Brother
AhnLab Security warns about more frequent attacks through web data warehouses.
A new method for distributing the remote access Trojan (RAT), known as Remcos, has been discovered in South Korea. According to the latest data from the AhnLab security analysis Center (ASEC), attackers spread malware disguised as adult games on popular web data warehouses such as WebHard.
WebHard is a widely used online storage system in South Korea that allows you to upload, download, and share files. Previously, other malicious programs were distributed through such services, including njRAT, UDP RAT, as well as various botnets for DDoS attacks.
In a new malware campaign, users download files that supposedly contain adult games that actually run malicious scripts in Visual Basic. These scripts activate an intermediate binary file called "ffmpeg.exe", which, in turn, downloads Remcos RAT from the attackers' server.
Remcos RAT, developed by the German company Breaking Security in 2016 as a legitimate Windows remote administration tool, was later transformed into a powerful tool in the hands of intruders. This program allows unauthorized management of infected systems and surveillance, which allows attackers to steal confidential data.
As noted by Cyfirma in its analysis published in August 2023, Remcos RAT has multifunctional capabilities: registering keystrokes, recording audio, creating screenshots and other functions that threaten user privacy. The malware can disable user account control (UAC) and establish a permanent presence in the system, which significantly increases its malicious potential.
Users are advised to exercise caution when downloading files from unverified sources, especially when accessing content presented as adult entertainment or gaming apps.
Cybersecurity experts emphasize the importance of using reliable antivirus programs and regularly updating the software to prevent such threats.
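Detection logic for the chain described above (a Visual Basic script starts "ffmpeg.exe", which then contacts a remote server), added here as an example and not taken from the ASEC report or the original post. The event layout, paths, PIDs and address are constructed, and the code assumes the script runs under the standard Windows script hosts wscript.exe or cscript.exe.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: hosts that execute the .vbs
STAGER_NAME = "ffmpeg.exe"                     # intermediate binary named in the article

# Constructed, time-ordered events in a Sysmon-like shape
# (id 1 = process creation, id 3 = network connection). All values are invented.
EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "parent": r"C:\Users\kim\Downloads\game\Game.exe"},
    {"id": 1, "pid": 4188, "image": r"C:\Users\kim\Downloads\game\data\ffmpeg.exe",
     "parent": r"C:\Windows\System32\wscript.exe"},
    {"id": 3, "pid": 4188, "dest": "203.0.113.25", "port": 443},
    # Benign contrast: a real ffmpeg install started from a shell is not flagged.
    {"id": 1, "pid": 5200, "image": r"C:\Program Files\ffmpeg\bin\ffmpeg.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 3, "pid": 5200, "dest": "198.51.100.7", "port": 1935},
]


def exe_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def find_stager_chains(events):
    """Flag ffmpeg.exe processes whose parent is a script host, and attach
    any outbound connections made by the same PID afterwards."""
    suspects = {}
    for ev in events:
        if (ev["id"] == 1 and exe_name(ev["image"]) == STAGER_NAME
                and exe_name(ev["parent"]) in SCRIPT_HOSTS):
            suspects[ev["pid"]] = {"pid": ev["pid"], "image": ev["image"],
                                   "parent": ev["parent"], "connections": []}
        elif ev["id"] == 3 and ev["pid"] in suspects:
            suspects[ev["pid"]]["connections"].append((ev["dest"], ev["port"]))
    alerts = list(suspects.values())
    for alert in alerts:
        # A network connection after the launch matches the download step.
        alert["severity"] = "high" if alert["connections"] else "medium"
    return alerts


if __name__ == "__main__":
    for alert in find_stager_chains(EVENTS):
        print(alert)
```

The correlation keys on PID alone, so on a long-running host the events should be windowed by time to avoid matching a reused PID.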