In May, ESET reported large-scale phishing campaigns targeting small and medium-sized businesses in Poland, Italy, and Romania. These attacks resulted in the installation of malware such as Agent Tesla and Formbook on the victims’ systems.
One of the malware families used in these attacks is Remcos, which provides remote computer management, data collection, user action monitoring, and file management. Remcos can gather system information such as computer names, system types, and user data, including financial and personal details.
While Remcos has legitimate uses, it is also infamous for its use in malicious cyber activities. Attackers can use Remcos for unauthorized access to computers, espionage, and malware distribution. The software’s adaptability and ability to evade certain antivirus measures have made it a popular choice among cybercriminals.
The presence of Remcos in the cybersecurity landscape has therefore raised concerns, because it combines legitimate functions with the potential for misuse by malicious actors.