A newly observed Remcos RAT variant adds real-time surveillance—including live webcam streaming and online keylogging—and stronger evasion techniques that reduce forensic traces on Windows systems. Researchers at Point Wild’s Lat61 team report the strain fetches modular DLL plugins from C2 servers, decrypts configuration only in memory, resolves Windows APIs dynamically, and executes cleanup and persistence routines to maintain control. #Remcos #PointWild
Key points:
- Remcos now streams webcam footage in real time via DLL modules downloaded from attacker-controlled C2 servers.
- Captured keystrokes are transmitted instantly to C2 servers instead of being stored locally.
- The RAT decrypts its C2 configuration only in memory to avoid static detection.
- Dynamic API resolution and runtime DLL loading hinder static analysis and detection.
- Cleanup routines remove logs, browser data and persistence keys, and a temporary VB script deletes the malware before termination.
Read More: https://www.infosecurity-magazine.com/news/remcos-rat-expands-real-time/