Stealthy Remcos Malware Attack Campaign Takes Aim at Colombian Firms
Researchers at Check Point have uncovered a large-scale phishing campaign targeting more than 40 companies in Colombia. The lures are emails impersonating trusted senders, including financial institutions and corporations, with attachments that ultimately deliver the "Remcos" remote access trojan. Once installed, Remcos gives the attackers full control of the infected machine, including data theft and persistent unauthorized access.

The infection chain relies on heavily obfuscated Batch (BAT) files that launch PowerShell commands, which in turn load .NET modules and finally install Remcos. Check Point's analysis walks through the decryption and deobfuscation of each stage, and notes that the loader contains routines that remove user-mode hooks from loaded DLLs and patch functions in memory, techniques commonly used to evade endpoint monitoring before the final payload runs.
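The BAT-to-PowerShell-to-.NET chain described above is the part a defender can triage offline. The following is an added example (not code from Check Point's write-up and not the campaign's actual dropper): a small Python scanner that strips cmd.exe carets, counts generic Batch obfuscation tells such as `%var:~i,n%` substring expansion, decodes PowerShell `-EncodedCommand` payloads (base64 of UTF-16LE), and looks for reflective .NET assembly loading in the decoded script. The sample Batch file and PowerShell stage are constructed for illustration; the obfuscation patterns and marker strings are assumptions about common tradecraft, not indicators taken from the report.

```python
import base64
import re
from typing import Optional

# Constructed PowerShell stage (illustrative, not the campaign's script):
# reads a blob from disk and loads it as a .NET assembly via reflection.
SAMPLE_PS = (
    '$b=[IO.File]::ReadAllBytes("C:\\Users\\Public\\stage.bin");'
    '[Reflection.Assembly]::Load($b).GetType("Loader")'
    '.GetMethod("Run").Invoke($null,$null)'
)


def to_encoded_command(script: str) -> str:
    """PowerShell -EncodedCommand expects base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed Batch dropper: carets split keywords, a %var:~i,n% expansion
# rebuilds "powershell" at runtime, and the real payload hides in -enc.
SAMPLE_BAT = (
    "@echo off\r\n"
    "set s=xpowershellq\r\n"
    "set h=hidden\r\n"
    "%s:~1,10% -^w %h% -e^p b^y^p^a^s^s -e^n^c "
    + to_encoded_command(SAMPLE_PS)
    + "\r\n"
)

# Generic obfuscation tells (assumed common tradecraft, not campaign-specific).
CARET_RE = re.compile(r"\^")
SUBSTR_RE = re.compile(r"%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%")   # %var:~3,1%
ENC_CMD_RE = re.compile(
    r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)
DOTNET_LOAD_MARKERS = (
    "[reflection.assembly]::load",
    "[system.reflection.assembly]::load",
    "add-type",
    ".getmethod(",
    ".invoke(",
)


def decode_encoded_command(b64: str) -> Optional[str]:
    """Decode an -EncodedCommand payload; return None if it is not valid UTF-16LE base64."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_batch(text: str) -> dict:
    """Score a Batch file for the obfuscation and loader tells described above."""
    lines = text.splitlines()
    caret_count = sum(len(CARET_RE.findall(line)) for line in lines)
    substr_count = sum(len(SUBSTR_RE.findall(line)) for line in lines)

    # cmd.exe discards escape carets before execution, so the scanner must
    # strip them too or "p^o^w^e^r^s^h^e^l^l" never matches anything.
    flattened = "\n".join(line.replace("^", "") for line in lines)
    decoded = [
        d for d in (decode_encoded_command(b) for b in ENC_CMD_RE.findall(flattened)) if d
    ]
    markers = sorted({m for d in decoded for m in DOTNET_LOAD_MARKERS if m in d.lower()})

    indicators = []
    if caret_count >= 3:
        indicators.append("caret-split keywords")
    if substr_count:
        indicators.append("substring-expansion string building")
    if decoded:
        indicators.append("encoded PowerShell command")
    if markers:
        indicators.append("reflective .NET assembly load")

    return {
        "caret_count": caret_count,
        "substring_expansions": substr_count,
        "decoded_commands": decoded,
        "dotnet_markers": markers,
        "indicators": indicators,
        # Two independent tells is the (assumed) threshold for escalating the file.
        "suspicious": len(indicators) >= 2,
    }


if __name__ == "__main__":
    report = analyze_batch(SAMPLE_BAT)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The scanner deliberately does not emulate cmd.exe variable expansion; counting `%var:~i,n%` occurrences is enough to flag the technique, and the decoded `-EncodedCommand` text is where the .NET loading actually becomes visible. The threshold of two indicators is a triage heuristic to tune against your own sample set, not a published rule.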