Remcos Everywhere! Attacking From a Weaponized Zip File

Cybersecurity circles are abuzz with the latest campaign involving the notorious Remote Control System (RAT), Remcos.

This sophisticated malware has been making headlines for its widespread and targeted attacks, particularly in Eastern Europe.


The recent surge in activities has seen Romania, Moldova, and neighboring countries falling victim to a cleverly disguised threat, masquerading as a benign communication from a Romanian industrial equipment supplier.

The Ingenious Social Engineering Scheme

The attackers have adopted a cunning approach to infiltrate companies’ defenses, leveraging social engineering tactics that exploit human psychology.

Companies in the targeted region have been receiving emails with “Comandă nouă” (New Order), seemingly originating from a legitimate supplier specializing in machine tools.


These emails contain a ZIP archive named “Noua lista de” (New Order). Upon opening, it reveals a malicious executable file masquerading as a command list, “Noua lista de comenzi.exe” (New Order List.exe).

This file, once executed, unleashes the Remcos RAT onto the unsuspecting victim’s system.
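The infection chain above is a ZIP attachment carrying a Windows executable under a document-like lure name. The following mail-gateway style check is an added example written for this page, not code from the article or from any vendor named in it; it opens an attachment in memory, flags members that have an executable extension or start with the PE "MZ" header (so a renamed binary such as "order.pdf" is caught too), and never extracts or runs anything. The extension list and the constructed sample archive are assumptions.

```python
import io
import zipfile

# Assumption: a typical gateway blocklist of extensions that execute on
# double-click in Windows; extend it to local policy.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"  # DOS stub header that every Windows PE file starts with


def _extension(name: str) -> str:
    """Return the lower-cased final extension of a member name ('' if none)."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def inspect_zip_attachment(zip_bytes: bytes) -> list:
    """Return one finding per archive member that looks executable.

    Only the first two bytes of each member are read, so a large or
    deliberately padded archive is not expanded into memory.
    Raises zipfile.BadZipFile for data that is not a ZIP archive.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = _extension(info.filename)
            with archive.open(info) as member:
                head = member.read(2)
            is_pe = head == PE_MAGIC
            if ext in EXECUTABLE_EXTENSIONS or is_pe:
                findings.append({
                    "member": info.filename,
                    "extension": ext,
                    "pe_header": is_pe,
                    # A PE body under a non-executable extension is the
                    # "disguised as a document" case from the article.
                    "disguised": is_pe and ext not in EXECUTABLE_EXTENSIONS,
                })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: mimics the lure described in the article (not a real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        # Harmless placeholder bytes with only the MZ magic, constructed for the example.
        archive.writestr("Noua lista de comenzi.exe", PE_MAGIC + b"\x00" * 62)
        archive.writestr("comanda.txt", b"Comanda noua")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed sample: a clean archive with plain text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("lista.csv", b"articol,cantitate\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print("FLAG:", finding)
    print("benign findings:", inspect_zip_attachment(build_benign_zip()))
```

At a gateway this check is a cheap first filter: a ZIP that arrives with an unsolicited "new order" lure and contains any flagged member should be quarantined for sandbox analysis rather than delivered, and the `disguised` flag is the one worth alerting on loudly.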

The Perils of Remcos RAT

The deployment of Remcos RAT is not to be taken lightly. This malware grants attackers remote access to compromised systems, paving the way for many nefarious activities, as reported by Broadcom.

The implications for affected companies are dire, encompassing data theft, system compromise, operational disruption, espionage, and significant reputational damage.

Furthermore, the legal and compliance ramifications cannot be overstated, potentially leading to severe financial penalties and loss of business.

Shield Against Remcos

Symantec uses key identifiers to protect against this RAT, including ACM.Ps-RgPst!g1, Trojan.Gen.MBT, Trojan.Gen.NPE, and Heur.AdvML.B!100, along with monitoring for low-reputation application activity.

The emergence of Remcos RAT in a weaponized ZIP file, exploiting social engineering tactics, underscores the evolving landscape of cyber threats.

Companies, particularly those in the targeted regions, must remain vigilant and adopt a proactive stance toward cybersecurity.

Leveraging advanced security solutions like those offered by Symantec, alongside fostering a culture of security awareness among employees, can significantly mitigate the risk posed by such sophisticated attacks.

The battle against cyber threats like Remcos RAT is ongoing and requires a concerted effort from organizations, cybersecurity vendors, and individuals.

By staying informed and prepared, we can collectively thwart cyber adversaries’ ambitions and safeguard our digital domains.


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.