Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Fileless Remcos RAT Spread via Excel Exploit

November 11, 2024
Reading Time: 2 mins read
in Alerts
Fileless Remcos RAT Spread via Excel Exploit

Cybersecurity researchers have uncovered a sophisticated phishing campaign deploying a fileless version of the Remcos Remote Access Trojan (RAT), using Microsoft Excel as the entry point to evade traditional security defenses. The attack begins with a phishing email crafted around a purchase order theme, aiming to persuade recipients to open a malicious Excel attachment. This document exploits a known remote code execution vulnerability in Microsoft Office (CVE-2017-0199), enabling attackers to deliver malicious files through seemingly benign documents. The vulnerability, with a CVSS score of 7.8, has been exploited to download an HTML Application (HTA) file, “cookienetbookinetcahce.hta,” which launches using the mshta.exe utility, making the attack harder to detect.

Once the HTA file is executed, it goes through multiple layers of obfuscation involving JavaScript, Visual Basic Script, and PowerShell code. This layered approach serves to hide malicious intent from detection tools and security analysts. The file’s primary function is to retrieve an executable from a remote server, which subsequently runs an additional PowerShell program cloaked with anti-analysis and anti-debugging mechanisms. This program uses advanced techniques like process hollowing to embed the Remcos RAT directly into system memory, bypassing the need for any permanent file on the infected system. By running exclusively in memory, this fileless method makes detection considerably more challenging, as conventional antivirus solutions are more attuned to identifying malicious files saved locally.

The capabilities of Remcos RAT are extensive and provide attackers with robust control over the infected systems. Through a command-and-control (C2) server, the attacker can harvest various types of information from the compromised host, including system metadata and sensitive user data. Furthermore, Remcos can be used to remotely execute commands, harvest files, terminate processes, alter system services, manipulate the Windows Registry, and capture clipboard content. The malware can even enable the infected system’s camera and microphone, record the screen, and disable input devices, granting attackers comprehensive surveillance and control over the target’s environment. This vast array of functions makes Remcos a powerful tool for data theft and cyber-espionage.

This latest development highlights the increasingly sophisticated tactics used by threat actors to bypass traditional security measures. In addition to this campaign, researchers have also noted other phishing schemes exploiting APIs from platforms like DocuSign and unconventional tactics like ZIP file concatenation to slip past defenses and reach users. These campaigns emphasize the need for organizations to adopt advanced security strategies that can detect fileless malware and identify malicious activity patterns. As attackers continue to evolve their approaches, comprehensive cybersecurity measures are essential to protect against these growing threats.

Reference:
  • Phishing Campaign Uses Excel Exploit to Deliver Fileless Remcos RAT Malware
Tags: Cyber AlertsCyber Alerts 2024Cyber threatsHTMLMicrosoft ExcelNovember 2024PhishingRemcosTrojan
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial