Threat Actors disguise the Remcos RAT malware in PDF files

Hackers use malicious emails to send malware as payslip documents


Threat actors are using PDF files to infect victims with the Remcos Remote Access Trojan (RAT). They operate in Latin America, but their influence might spread to other regions. The attackers spread the malware through email. As a precaution, you shouldn’t download anything unless you check the sender and verify the message’s authenticity.

What is Remcos RAT?

The Remcos RAT is a type of malware that allows threat actors to access and control your device. Once it is on your system, the attackers gain a range of capabilities. For example, they can gain access to your microphone and camera, log keystrokes, and take screenshots. The RAT can also steal your data, such as usernames, passwords, and browsing history.

Unfortunately, the Remcos RAT can stay hidden as a regular file until a cybercriminal activates it. In this way, it avoids detection. While inactive, it can still do you harm using its built-in offline keylogger, which records and keeps track of your keystrokes.

According to a tweet from ANY.RUN, the attackers pose as Colombian government agencies and send fake emails about legal issues. Each message contains a PDF file that you shouldn’t download or open. The attackers also use Visual Basic Script (VBS), a deprecated Active Scripting language, to help the malware avoid detection.

The attackers mainly target individuals affiliated with the Colombian government infrastructure. However, they might expand to other people and regions as well. So treat this threat as a serious issue, especially since they might change their tactics.

In a nutshell, if you receive emails from Colombian government agencies, verify their source. To protect yourself, consider installing an antimalware application with the latest security updates. Additionally, try not to download or install files from untrusted sources, as they might contain the Remcos RAT malware. As a final precaution, back up your data on an external device and tell people around you to be extra careful.
