Cybersecurity researchers have uncovered a new malware campaign using PowerShell-based shellcode loaders to deploy the Remcos RAT remotely. The attack involves disguising malicious files within ZIP archives and leveraging legitimate Windows tools like mshta.exe for infection.
Affected: organizations using email and file-sharing systems, Windows users, cybersecurity systems
Keypoints
- Threat actors utilize ZIP files with embedded LNK files to deliver malware disguised as Office documents.
- The attack chain uses mshta.exe to run obfuscated HTML Applications and download malicious scripts in memory.
- Remcos RAT provides full remote control capabilities, including keylogging, screenshot capture, and system data collection.
- Fileless malware techniques enable the malware to operate undetected by traditional security solutions.
- Advanced loaders use steganography and encrypted .NET components to evade detection and deploy multiple malware types.
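The chain in the key points above (ZIP → LNK → mshta.exe fetching a remote HTA → in-memory PowerShell loader) leaves a recognisable process-tree footprint even when nothing touches disk. The following is an added detection example written for this summary, not code from the article or from the researchers it cites. It assumes a Sysmon-style process-creation feed flattened to JSON lines with the hypothetical field names `pid`, `ppid`, `image`, `cmd` and `parent_image`; the sample events are constructed for illustration and the base64 argument is a placeholder.

```python
"""Detect the mshta.exe -> PowerShell fileless loader chain in process telemetry."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Constructed Sysmon-style process-creation records (not real telemetry).
# Field names are an assumption about the log pipeline feeding this script.
SAMPLE_LOG = r"""
{"pid": 100, "ppid": 0, "image": "C:\\Windows\\explorer.exe", "cmd": "explorer.exe", "parent_image": ""}
{"pid": 200, "ppid": 100, "image": "C:\\Windows\\System32\\mshta.exe", "cmd": "mshta.exe https://example.invalid/invoice.hta", "parent_image": "C:\\Windows\\explorer.exe"}
{"pid": 300, "ppid": 200, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell.exe -nop -w hidden -enc REDACTED_BASE64_PLACEHOLDER", "parent_image": "C:\\Windows\\System32\\mshta.exe"}
{"pid": 400, "ppid": 100, "image": "C:\\Windows\\System32\\mshta.exe", "cmd": "mshta.exe \"C:\\Program Files\\Vendor\\setup.hta\"", "parent_image": "C:\\Windows\\explorer.exe"}
{"pid": 500, "ppid": 100, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1", "parent_image": "C:\\Windows\\explorer.exe"}
"""

# Children of mshta.exe that indicate a second-stage loader rather than a normal HTA.
LOLBIN_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

URL_RE = re.compile(r"https?://", re.IGNORECASE)
# PowerShell switches typical of in-memory loaders: encoded command, hidden window,
# no profile, non-interactive. Word boundaries stop "-e" matching "-ExecutionPolicy".
PS_SUSPICIOUS_RE = re.compile(
    r"(?i)(?:^|\s)-(?:e(?:nc|ncodedcommand)?|w(?:indowstyle)?\s+hidden|nop|noprofile|noni|noninteractive)\b"
)


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> list[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze(events: list[dict]) -> list[Finding]:
    """Apply per-event rules, then correlate the mshta -> PowerShell chain by pid."""
    findings: list[Finding] = []
    remote_hta_pids: set[int] = set()

    for e in events:
        img = basename(e["image"])
        cmd = e["cmd"]

        # Rule 1: mshta.exe given a remote URL (HTA fetched over the network).
        if img == "mshta.exe" and URL_RE.search(cmd):
            remote_hta_pids.add(e["pid"])
            findings.append(Finding("mshta_remote_hta", e["pid"], cmd))

        # Rule 2: a script host or LOLBin launched by mshta.exe.
        if img in LOLBIN_CHILDREN and basename(e["parent_image"]) == "mshta.exe":
            findings.append(Finding("lolbin_child_of_mshta", e["pid"], f"parent pid {e['ppid']}"))

        # Rule 3: PowerShell with two or more loader-style switches.
        if img in SHELLS:
            flags = {m.group(0).strip().lower() for m in PS_SUSPICIOUS_RE.finditer(cmd)}
            if len(flags) >= 2:
                findings.append(Finding("powershell_loader_flags", e["pid"], ", ".join(sorted(flags))))

    # Correlation: PowerShell whose direct parent is an mshta.exe that fetched a remote HTA.
    for e in events:
        if basename(e["image"]) in SHELLS and e["ppid"] in remote_hta_pids:
            findings.append(
                Finding("mshta_to_powershell_chain", e["pid"], f"mshta pid {e['ppid']} fetched remote HTA")
            )
    return findings


if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_LOG)):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Only pids 200 and 300 are flagged: the local, vendor-installed HTA (pid 400) and the scheduled `-File` backup script (pid 500) pass all three rules, which is the point of requiring a remote URL, an mshta parent, or several loader switches together rather than alerting on mshta.exe or PowerShell alone. The correlation rule is the one worth paging on, since it ties the fetch stage to the in-memory stage that the fileless technique relies on.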
Read More: https://thehackernews.com/2025/05/fileless-remcos-rat-delivered-via-lnk.html