Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware


Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT.  Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer. The starting point of the attack is a phishing email that uses purchase order-themed lures to convince recipients to open a Microsoft Excel attachment. The malicious Excel document is designed to exploit a known remote code execution flaw in Office (CVE-2017-0199, CVSS score: 7.8) to download an HTML Application (HTA) file ("cookienetbookinetcahce.hta") from a remote server ("192.3.220[.]22") and launch it using mshta.exe.

Read More


thumb-image

Solutions