New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims.
Tag: Remcos
AI, Endpoint, Global Security News, malware
SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
Introduction This diary describes a Remcos RAT infection that I generated in my lab on Thursday, 2026-03-11. This infection was from the SmartApeSG campaign that used a ClickFix-style fake CAPTCHA page. My previous in-depth diary about a SmartApeSG (ZPHP, HANEYMANEY) was in November 2025, when I saw NetSupport Manager RAT. Since then, I’ve fairly consistently seen…
Global Security News
Remcos RAT Expands Real-Time Surveillance Capabilities
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows