GoTo Meeting loads RAT via Shellcode Loader

Description

A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Remcos remote access trojan (RAT). The attack chain involves utilizing lures like porn downloads, software setup files, and tax forms with Russian and English file names. It employs techniques such as LNK file execution chains, DLL sideloading, and Rust-written shellcode loaders to decrypt and execute the Remcos RAT payload. The campaign targets various groups, including those interested in pornographic content, software installations, and tax-related documents.