Remote Access Trojan

Remcos

First seen: 2016 • Status: active

Currently Active Threat

Remcos claims to be a legal remote control tool, but criminals buy it to secretly spy on people's computers and steal their information.

Overview

Remcos is a commercial RAT sold as a legitimate remote administration tool. Despite claims of lawful use, it is widely abused in malware campaigns and distributed through phishing.

Also Known As

Remcos RAT, Remote Control System

How It Spreads

  • Phishing campaigns
  • Malicious Office documents
  • Archive files with executables

What It Does

  • Remote desktop
  • Keylogging
  • Webcam capture
  • Screen recording
  • File management
  • Password theft

Target Platforms

Windows

Detection Tips

  • Monitor for Remcos network signatures
  • Check for characteristic process names
  • Analyze Office macro execution
  • Review registry for persistence

MITRE ATT&CK Techniques

T1566, T1204, T1056, T1125, T1113

If You're Infected

  1. Kill Remcos processes and services
  2. Remove registry persistence keys
  3. Block known Remcos C2 infrastructure
  4. Reset credentials

Related Malware

NanoCore, njRAT, AsyncRAT
