Dangerous Malware Delivery: Bank Payment Alert’s Trojanized Email Revealed


According to a recent report, a new method employed by hackers to infect victims with Remcos malware is the delivery of a bank payment alert meant to execute an absolutely different order. It has been reported that hackers have updated the infamous malware to send phishing emails to victims deceiving them about a payment being made to a bank account.

This new version of keylogging and information stealing Remcos malware has been in the system for quite a while, and has been executed successfully by hackers to steal sensitive information.

Remcos malware

Image Source: www.geekboots.com

The Remcos Remote Access Trojan is a very dangerous tool that is primarily used to steal information from victims. According to reports, the Remcos malware was first spotted on the dark web market in 2016. Since its inception on the market, it has frequently been updated by hackers to take on higher tasks with the latest updates being used to execute these trojanized emails.

The Remcos malware is a surveillance tool and information stealer, available for sale for as little as $58 according to multiple sources. The reason why this malware has undergone varieties of updates is not known, but it is likely that it gets modified to bypass any upgraded security and to be launched in a new form.

No one has ever underrated the capabilities of Remcos malware. Remcos malware is known for its dangerous ability of stealing clipboard contents, keylogging and going as far as taking screenshots in a bid to steal passwords and other sensitive information of victims.

The new Remcos malware has the variant title “2.5.0 pro” according to reports. Its strategy of hacking victims is a bit different. In the new campaign, hackers use it to entice victims to open a trojanized .ZIP file presented to be from a genuine domain, and as a payment being made into a bank account.

The .ZIP file is just a gateway that leads to a .TXT extension. This runs on a PowerShell script when activated, and it is designed to install malware into victims window machine according to information. Interestingly, .EXE file is dropped and designed to lie idle for 20 seconds to avoid detection.

The Remcos malware also makes its way into the auto-start group registry. The reason is to maintain persistence by being started automatically when the system is boot on. The infected computer then comes under monitoring. The malware records any website the victim visits, as well as the passwords and any sensitive information entered on these websites.

Remcos Malware

Image Source: www.firstpost.com

Stolen passwords and usernames can be used by hackers to steal funds or compromise an account. This is more serious because compromised data can also be sold on the dark web for other use. Victims are always at risk of identity theft.

Following the emergence of the Remcos malware that has the ability to deceive victims into thinking they are confirming a money transaction, a lot of people have become victims of this new approach, and it is important for individuals and corporate bodies to be more cautious on clicking any unknown link or ZIP file either through email or SMS.

Mostly, hackers also use special tools to present fake online payment pages that are mostly difficult to detect. Data breach has reached a new level, and so, it is advisable to take basic security tips seriously.

Source: ZDNET

Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #deep_web_links #Tor_.onion_urls_directories #Deep_Web_Sites_Links #Dark_Web_Links_Hidden_Wiki #Dark_web_directories


Please enter your comment!
Please enter your name here