New Remcos RAT (Remote Access Trojan) Distribution Method: Disguised as Adult Games

admin, February 1, 2024, 22:30:20


The remote access trojan (RAT) known as Remcos RAT has been found being distributed via webhards in South Korea, disguised as adult-themed games.


WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country.


While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the AhnLab Security Emergency Response Center's (ASEC) latest analysis shows that the technique has been adopted to distribute Remcos RAT.


In these attacks, users are tricked into opening booby-trapped files by passing them off as adult games, which, when launched, execute malicious Visual Basic scripts in order to run an intermediate binary named "ffmpeg.exe."


This results in the retrieval of Remcos RAT from an actor-controlled server.
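The chain described above (a Visual Basic script launching a binary named "ffmpeg.exe" that then contacts a remote server) can be hunted for in endpoint telemetry. The following Python is an added example, not taken from the ASEC report: the event format, hosts, paths and addresses are constructed, and treating wscript.exe and cscript.exe as the script hosts is an assumption.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: hosts that run .vbs files
LURE_BINARY = "ffmpeg.exe"                     # intermediate binary named in the report

# Constructed events: id 1 = process creation, id 3 = network connection.
EVENTS = [
    {"id": 1, "host": "pc-01", "pid": 4388,
     "image": r"C:\Users\user\Downloads\game\ffmpeg.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe"},
    {"id": 3, "host": "pc-01", "pid": 4388, "dest": "203.0.113.10:443"},
    # Benign look-alike: a video tool starting its own ffmpeg.exe.
    {"id": 1, "host": "pc-02", "pid": 900,
     "image": r"C:\Program Files\VideoTool\ffmpeg.exe",
     "parent_image": r"C:\Program Files\VideoTool\editor.exe"},
    {"id": 3, "host": "pc-02", "pid": 900, "dest": "198.51.100.7:443"},
    # Script-launched ffmpeg.exe with no network activity seen yet.
    {"id": 1, "host": "pc-03", "pid": 77,
     "image": r"D:\games\FFMPEG.EXE",
     "parent_image": r"C:\Windows\SysWOW64\cscript.exe"},
]


def _name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def detect(events):
    """Flag ffmpeg.exe started by a script host; escalate if it connects out."""
    suspects = {}  # (host, pid) -> finding; assumes PIDs are not reused in the window
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["id"] == 1:
            if (_name(ev["image"]) == LURE_BINARY
                    and _name(ev["parent_image"]) in SCRIPT_HOSTS):
                suspects[key] = {"host": ev["host"], "pid": ev["pid"],
                                 "image": ev["image"], "severity": "medium",
                                 "dests": []}
        elif ev["id"] == 3 and key in suspects:
            suspects[key]["dests"].append(ev["dest"])
            suspects[key]["severity"] = "high"
    return list(suspects.values())


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Matching on the parent process rather than the file name alone keeps legitimate ffmpeg.exe installations, such as the one on pc-02, out of the results.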



A sophisticated RAT, Remcos (aka Remote Control and Surveillance) facilitates unauthorized remote control and surveillance of compromised hosts, enabling threat actors to exfiltrate sensitive data.


This malware, although originally marketed by Germany-based firm Breaking Security in 2016 as a bona fide remote administration tool, has metamorphosed into a potent weapon wielded by adversaries to infiltrate systems and establish unfettered control.


"Remcos RAT has evolved into a malicious tool employed by threat actors across various campaigns," Cyfirma noted in an analysis in August 2023.


"The malware's multifunctional capabilities, including keylogging, audio recording, screenshot capture, and more, highlight its potential to compromise user privacy, exfiltrate sensitive data, and manipulate systems. The RAT's ability to disable User Account Control (UAC) and establish persistence further amplifies its potential impact."


Originally published on the WeChat official account 知机安全: New Remcos RAT (Remote Access Trojan) Distribution Method: Disguised as Adult Games
