The remote access trojan (RAT) known as Remcos RAT has been found to be propagated via webhards in South Korea, disguised as adult-themed games.
WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country.
While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the AhnLab Security Emergency Response Center's (ASEC) latest analysis shows that the technique has been adopted to distribute Remcos RAT.
In these attacks, users are tricked into opening booby-trapped files by passing them off as adult games, which, when launched, execute malicious Visual Basic scripts in order to run an intermediate binary named "ffmpeg.exe."
This results in the retrieval of Remcos RAT from an actor-controlled server.
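The chain described above (disguised game file, Visual Basic script, an intermediate binary named "ffmpeg.exe", then retrieval of the RAT from a remote server) is something endpoint telemetry can be checked for. The following is an added detection sketch, not code from ASEC or from the article; the event schema and the sample telemetry are constructed, Sysmon-like records, and the rule simply correlates a script host spawning a process named ffmpeg.exe with a later outbound connection from that same process.

```python
"""Detection sketch (added example): flag a script host launching a binary
named ffmpeg.exe, then an outbound connection by that process. The event
format is a constructed, Sysmon-like record (assumption), not vendor data."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Visual Basic script hosts
INTERMEDIATE = "ffmpeg.exe"                      # intermediate binary name from the report


@dataclass
class Event:
    kind: str                 # "process" (creation) or "network" (outbound connect)
    pid: int
    image: str                # full path of the process image
    parent_image: str = ""    # set on process events
    dest: str = ""            # set on network events, "host:port"


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def detect(events):
    """Return alert strings. Stage 1: a script host spawns ffmpeg.exe.
    Stage 2: that script-spawned ffmpeg.exe makes an outbound connection,
    which is what the RAT retrieval step looks like in telemetry."""
    suspicious_pids = set()
    alerts = []
    for ev in events:
        if (ev.kind == "process" and basename(ev.parent_image) in SCRIPT_HOSTS
                and basename(ev.image) == INTERMEDIATE):
            suspicious_pids.add(ev.pid)
            alerts.append(f"stage1 pid={ev.pid}: {basename(ev.parent_image)} spawned {ev.image}")
        elif ev.kind == "network" and ev.pid in suspicious_pids:
            alerts.append(f"stage2 pid={ev.pid}: script-spawned ffmpeg.exe connected to {ev.dest}")
    return alerts


# Constructed sample telemetry (assumption): one benign ffmpeg use, one matching chain.
SAMPLE = [
    Event("process", 100, r"C:\Program Files\ffmpeg\bin\ffmpeg.exe", parent_image=r"C:\Tools\encoder.exe"),
    Event("process", 200, r"C:\Windows\System32\wscript.exe", parent_image=r"C:\Users\u\Downloads\game_setup.exe"),
    Event("process", 201, r"C:\Users\u\AppData\Local\Temp\ffmpeg.exe", parent_image=r"C:\Windows\System32\wscript.exe"),
    Event("network", 201, r"C:\Users\u\AppData\Local\Temp\ffmpeg.exe", dest="203.0.113.10:443"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The benign encoder-launched ffmpeg.exe (pid 100) produces no alert; only the script-spawned copy and its connection do.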
A sophisticated RAT, Remcos (aka Remote Control and Surveillance) facilitates unauthorized remote control and surveillance of compromised hosts, enabling threat actors to exfiltrate sensitive data.
This malware, although originally marketed by the Germany-based firm Breaking Security in 2016 as a bona fide remote administration tool, has since been turned into a potent weapon wielded by adversaries to infiltrate systems and establish unfettered control.
"Remcos RAT has evolved into a malicious tool employed by threat actors across various campaigns," Cyfirma noted in an analysis in August 2023.
"The malware's multifunctional capabilities, including keylogging, audio recording, screenshot capture, and more, highlight its potential to compromise user privacy, exfiltrate sensitive data, and manipulate systems. The RAT's ability to disable User Account Control (UAC) and establish persistence further amplifies its potential impact."
Originally published on the WeChat public account 知机安全: "New propagation method of Remcos RAT (remote access trojan): disguised as adult games"