RemcosRAT Distributed Using Steganography
May 8, 2024, 5:22 p.m.
Description
Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor vulnerability. Subsequently, obfuscated scripts are fetched to ultimately execute RemcosRAT via process hollowing, evading detection. This intricate operation highlights the evolving tactics employed by threat actors to distribute malware.
Date
Published: May 8, 2024, 11:03 a.m.
Created: May 8, 2024, 11:03 a.m.
Modified: May 8, 2024, 5:22 p.m.
Indicators
107.175.31.187
192.210.201.57
http://ur8ly.com/asy2xr
ur8ly.com
Attack Patterns
RemcosRAT
T1036.003
T1059.005
T1055.002
T1059.003
T1059.001
T1027.005
T1059.007
T1204.002
T1566.001
T1055
T1140
T1027
T1059