Threat Actors disguise the Remcos RAT malware in PDF files

Hackers use malicious emails to send malware as payslip documents

2 min. read

Published on March 15, 2024

published on March 15, 2024

Readers help support Windows Report. We may get a commission if you buy through our links.

Threat Actors use PDF files to infect us with Remcos Remote Access Trojan (RAT) malware. They operate in Latin America, but their influence might spread to other regions. In addition, the wrongdoers are using emails to spread the virus. As a precaution, you shouldn’t download anything unless you check the sender and verify the message’s authenticity.

What is Remcos RAT?

The Remcos RAT is a type of malware that allows threat actors to access and control your device. Once in your system, the hackers get more options for it. For example, they can gain access to your microphone and camera, log keystrokes, and take screenshots. Also, the RAT malware can steal your data, such as usernames, passwords, and browsing history.

Unfortunately, the Remcos RAT can stay hidden as a regular file until a cybercriminal activates it. In this way, it avoids detection. While inactive, it can still do you harm using its built-in offline keylogger, which records and keeps track of your keystrokes.

According to a tweet from ANY.RUN, the attackers disguise themselves as Colombian government agencies and send fake emails addressing legal issues. Each message contains a PDF file that you shouldn’t download or open. Also, hackers use a Visual Basic Script (VBS), a deprecated active script language, to help the virus avoid detection.

The wrongdoers mainly target individuals affiliated with the Colombian government infrastructure. However, they might include other people and regions as well. So, approach this security threat as a serious issue, especially now since they might change their tactic.

🚨 An ongoing campaign targeting #LATAM: Attackers are forcing users to initiate infections 🚨

The #attackers impersonate Colombian government agencies (e.g., COLOMBIANA DE MUNICIPIOS) by sending PDFs, accusing the recipients of traffic violations or other legal issues.

These… pic.twitter.com/t0RcNtJuH3
— ANY.RUN (@anyrun_app) March 14, 2024

In a nutshell, if you receive emails from Colombian government agencies, verify their source. To protect yourself, consider installing an antimalware application with the latest security updates. Additionally, try not to download or install files from untrusted sources, as they might contain the Remcos RAT malware. As a final precaution, back up your data on an external device and tell people around you to be extra careful.

What are your thoughts? How do you select an antimalware software? Let us know in the comments.

More about the topics: antimalware, Cybersecurity, malware

Sebastian Filipoiu

Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.