
Remcos Malware: A Legitimate Tool Turned into a Dangerous Remote Access Trojan
Researchers have identified a new method of deploying the Remcos Remote Access Trojan (RAT) using Virtual Hard Disk (VHD) files, allowing cybercriminals to bypass security measures and gain unauthorized access to victims' devices.
Originally developed by cybersecurity firm BreakingSecurity as a remote administration and surveillance tool, Remcos has been weaponized by cybercriminals, enabling full control over infected Windows computers. Once installed, it can log keystrokes, capture audio and screenshots, execute remote scripts, and disable security measures.
Remcos is often delivered through phishing emails or malicious Office documents containing embedded settings files that trick users into executing harmful code. The malware is used for account takeovers, data theft, financial fraud, and system compromise, posing severe risks to individuals and organizations. Its ability to bypass security defenses underscores the need for robust cybersecurity measures to mitigate its impact.
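One practical mitigation for the VHD delivery path described above is to screen e-mail attachments by their actual on-disk format rather than by file name, so a disk image renamed to look like a document is still caught. The following Python routine is an added illustration written for this article; it is not code from the original report or from any vendor named in it. It relies on the documented VHD/VHDX layout (a 512-byte VHD footer starting with the ASCII cookie "conectix", mirrored at offset 0 for dynamic images, and the "vhdxfile" identifier at offset 0 of a VHDX), and the function names and sample attachments are constructed for this example.

```python
import os
from typing import Optional

# Documented format signatures (assumed stable for this example):
#  - VHD: the 512-byte footer at the end of the file begins with "conectix";
#         dynamic/differencing VHDs also mirror that footer at offset 0.
#  - VHDX: the file type identifier "vhdxfile" sits at offset 0.
VHD_COOKIE = b"conectix"
VHDX_SIGNATURE = b"vhdxfile"
DISK_IMAGE_EXTS = (".vhd", ".vhdx")


def classify_disk_image(data: bytes) -> Optional[str]:
    """Return 'vhd', 'vhdx' or None based on structure, ignoring the file name."""
    if data.startswith(VHDX_SIGNATURE):
        return "vhdx"
    if data.startswith(VHD_COOKIE):
        return "vhd"
    # Fixed VHDs carry only the trailing footer; some writers emit a 511-byte footer.
    for footer_len in (512, 511):
        if len(data) >= footer_len and data[-footer_len:].startswith(VHD_COOKIE):
            return "vhd"
    return None


def triage_attachment(filename: str, data: bytes) -> dict:
    """Flag an attachment if either its extension or its content marks it as a mountable disk image."""
    ext = os.path.splitext(filename)[1].lower()
    by_content = classify_disk_image(data)
    by_ext = ext in DISK_IMAGE_EXTS
    reasons = []
    if by_content:
        reasons.append(f"content is a {by_content} disk image")
    if by_ext:
        reasons.append(f"extension {ext} is a mountable disk image")
    if by_content and not by_ext:
        reasons.append("extension disguises a disk image")
    return {"filename": filename, "flagged": bool(reasons), "reasons": reasons}


def make_fake_vhd(body_size: int = 4096) -> bytes:
    """Constructed sample: a zeroed body plus a footer that begins with the VHD cookie (not a real disk)."""
    footer = VHD_COOKIE + b"\x00" * (512 - len(VHD_COOKIE))
    return b"\x00" * body_size + footer


# Constructed attachments: one benign PDF, one VHD disguised as a PDF, one honest VHD,
# one VHDX, and a ZIP wearing a .vhd extension (still worth a look, by extension alone).
SAMPLE_ATTACHMENTS = [
    ("report.pdf", b"%PDF-1.4\n%constructed sample\n"),
    ("invoice_scan.pdf", make_fake_vhd()),
    ("backup.vhd", make_fake_vhd()),
    ("image.vhdx", VHDX_SIGNATURE + b"\x00" * 64),
    ("archive.vhd", b"PK\x03\x04" + b"\x00" * 16),
]


def triage_all(attachments) -> list:
    """Run the triage over a list of (filename, bytes) pairs and return the verdicts."""
    return [triage_attachment(name, data) for name, data in attachments]


if __name__ == "__main__":
    for verdict in triage_all(SAMPLE_ATTACHMENTS):
        status = "FLAG" if verdict["flagged"] else "ok  "
        print(f"{status} {verdict['filename']}: {'; '.join(verdict['reasons']) or 'no disk-image indicators'}")
```

In a mail gateway or EDR pipeline, a hit on "extension disguises a disk image" is the higher-severity signal, since an honest `.vhd` attachment can be policy-blocked outright while a mismatch points at deliberate evasion; pairing the content check with the extension check means neither a renamed image nor a non-VHD payload with a `.vhd` name slips past.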