Remcos RAT Analysis: How the Windows Remote Access Trojan Operates
By
[email protected] (Umut Bayram)
7d agoen
Source
picussecurity.comRemcos RAT Analysis: How the Windows Remote Access Trojan Operatespicussecurity.comKey Takeaways Remcos RAT is a Windows remote access trojan first introduced in 2016 by Breaking Security as a remote administration product. Once deployed, Remcos hands an operator near-complete control, enabling command execution, credential theft, and silent recording of user activity. Remcos combines defense evasion via process injection , privilege escalation through a COM-based UAC bypass , and multi-layered registry and watchdog persistence . Its surveillance toolkit includes keylogging , periodic screenshots , audio recording , an optional webcam module , and browser credential and cookie wiping . The Picus Security Validation Platform simulates Remcos RAT attacks, letting organizations test security controls against this threat within minutes. Remcos (Remote Control and Surveillance) is a Windows remote access trojan (RAT) that was first introduced in 2016 by the company Breaking Security, which marketed it as a legitimate remote administration product. Since then, it has been widely adopted by threat actors and has become one of the most prevalent commodity RATs in the wild.
You might also wanna read
Glitch SPY: New Android RAT Distributed Through Fake Polish Rental App Targets Users via Accessibility Service Abuse
Cyble Research Labs identified Glitch SPY, a new Android Remote Access Trojan (RAT) builder platform discovered through an exposed command-a
hendryadrian.com·7d agoTyposquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A malware campaign targets Windows systems via a typosquatted npm package called postcss-minify-selector-parser, disguised as the legitimate
cybersecuritynews.com·13d agoNew Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
BackBox.org·2d ago
New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
thehackernews.com·2d ago
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
thehackernews.com·6d ago
axios npm Package Compromised: Versions 1.14.1 and 0.30.4 Contain RAT Malware
axios versions 1.14.1 and 0.30.4 were compromised on npm between March 30-31, 2026, with a malicious dependency that drops a remote access t
cstu.io·23d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.