Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware
Nov 11, 2024
Vulnerability / Network Security
Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.
The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.
Vulnerability / Network Security
Cybercriminals Leverage Excel Vulnerability to Deploy Remcos RAT Malware November 11, 2024 Vulnerability / Network Security Recent cybersecurity investigations have unearthed a phishing campaign that propagates a new fileless variant of the notorious Remcos RAT (Remote Control Software). Fortinet FortiGuard Labs, through researcher Xiaopeng Zhang, provided an in-depth analysis, revealing…
Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware
Nov 11, 2024
Vulnerability / Network Security
Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.
The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.