The attackers used heavily obfuscated BAT files and several layers of obfuscation to evade detection and load the Remcos malware directly into memory, bypassing traditional antivirus and endpoint security products.

Stealthy Remcos Malware Attack Campaign Takes Aim at Colombian Firms

Researchers at Check Point have discovered a large-scale phishing campaign targeting over 40 companies in Colombia. The attackers sent deceptive emails that appeared to come from trusted entities, including financial institutions and corporations, with attachments carrying the "Remcos" remote access trojan. Remcos gives the attackers full control of infected computers, enabling data theft, unauthorized access and other malicious activity. The campaign uses highly obfuscated Batch (BAT) files and PowerShell commands to load .NET modules into memory and ultimately install Remcos. The researchers analyzed the technical aspects of the attack, including the decryption and deobfuscation of the malware's code. They also identified functions that unhook DLLs and patch functions in memory, a common way to blind the user-mode API hooks that endpoint security products rely on.
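The campaign's BAT scripts are not reproduced on this page, so the following is an added example, not Check Point's tooling and not the actual loader: a small Python deobfuscator for two cmd.exe tricks that obfuscated BAT droppers commonly rely on, caret insertion (`p^o^w^e^r^s^h^e^l^l`) and `%var:~start,len%` substring expansion, plus a check for the resulting PowerShell `-EncodedCommand` launch. It walks a script the way cmd.exe does (percent expansion first, then caret processing, with SET assignments feeding later lines). The sample script embedded below is constructed for illustration and is not from the campaign; delayed `!var!` expansion and `set /a` or `set /p` are assumed out of scope.

```python
# Added example for this page: a deobfuscator for two cmd.exe tricks used by
# obfuscated BAT droppers (caret insertion and %var:~start,len% substring
# expansion). Not Check Point's tooling; SAMPLE_BAT below is constructed.
import re

# %% -> literal %, %name%, %name:~start[,len]%, %name:old=new%
_PCT = re.compile(r"%%|%([^%:=]+)(?::~(-?\d+)(?:,(-?\d+))?|:([^%=]+)=([^%]*))?%")
# set "name=value"  or  set name=value   (set /a and set /p are not handled)
_SET = re.compile(r'^set\s+(?:"([^"=]+)=([^"]*)"|([^"=]+)=(.*))$', re.I)


def expand_percent(line, env):
    """Phase 1 of cmd.exe line processing: %variable% expansion.
    Inside a .bat file an undefined variable expands to ""."""
    def sub(m):
        if m.group(0) == "%%":
            return "%"
        val = env.get(m.group(1).lower(), "")          # names are case-insensitive
        if m.group(2) is not None:                     # %v:~start[,len]%
            start = int(m.group(2))
            if m.group(3) is None:
                return val[start:]
            ln = int(m.group(3))
            return val[start:][:ln] if ln >= 0 else val[start:ln]
        if m.group(4) is not None:                     # %v:old=new%, case-insensitive
            return re.sub(re.escape(m.group(4)), lambda _: m.group(5), val, flags=re.I)
        return val
    return _PCT.sub(sub, line)


def strip_carets(line):
    """Phase 2: outside double quotes ^ escapes the next character, so
    p^o^w^e^r^s^h^e^l^l runs as powershell; carets inside quotes survive."""
    out, i, quoted = [], 0, False
    while i < len(line):
        ch = line[i]
        if ch == '"':
            quoted = not quoted
            out.append(ch)
        elif ch == "^" and not quoted:
            if i + 1 < len(line):
                out.append(line[i + 1])                # ^x -> x, ^^ -> ^
                i += 1
            # a trailing caret is a line continuation and is dropped
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def deobfuscate(script):
    """Walk the script as cmd.exe would: expand %vars%, then carets, record
    SET assignments, and return (env, effective non-SET command lines)."""
    env, commands = {}, []
    for raw in script.splitlines():
        line = strip_carets(expand_percent(raw, env)).strip()
        body = line.lstrip("@")                        # @ only suppresses echo
        if not body or body.startswith("::") or re.match(r"rem\b", body, re.I):
            continue
        m = _SET.match(body)
        if m:
            name = (m.group(1) if m.group(1) is not None else m.group(3)).strip().lower()
            env[name] = m.group(2) if m.group(1) is not None else m.group(4)
        else:
            commands.append(body)
    return env, commands


def flag_encoded_powershell(commands):
    """Return command lines that launch PowerShell with an -EncodedCommand
    switch. PowerShell accepts abbreviated switches (-e, -ec, -enc and longer
    prefixes all select -EncodedCommand), so match on prefix, not full name."""
    hits = []
    for cmd in commands:
        if not re.search(r"\bpowershell(?:\.exe)?\b", cmd, re.I):
            continue
        for tok in re.findall(r"(?:^|\s)-([A-Za-z]+)", cmd):
            t = tok.lower()
            if t == "ec" or "encodedcommand".startswith(t):
                hits.append(cmd)
                break
    return hits


# Constructed sample (not the campaign's script): "powershell" is carved out of
# a decoy string, the SET keyword is split by a caret, and a caret hidden inside
# a quoted SET value only disappears when the variable is expanded on line 5.
SAMPLE_BAT = r'''@echo off
set "k=ABCpowershellXYZ"
s^et "n=-nop -w hidden -enc"
set "p=%k:~3,10%.e^xe"
%p% %n% SQBFAFgA
'''

if __name__ == "__main__":
    env, cmds = deobfuscate(SAMPLE_BAT)
    for c in cmds:
        print(c)
    print("encoded PowerShell launches:", flag_encoded_powershell(cmds))
```

Running the block prints `echo off` and `powershell.exe -nop -w hidden -enc SQBFAFgA`; the stored caret in `p` is worth noting, because a scanner that only strips carets per line (without tracking SET assignments) never sees the expanded command. For real samples, feed the recovered `-enc` payload to a base64/UTF-16LE decoder and repeat the process on the PowerShell layer.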

