Protecting Your System: How Cybercriminals Spread Fileless Remcos RAT Malware Via Excel Exploit
also been seen using a cracked (illegal) version of the software.”
Utilizing sophisticated techniques, recently identified cybercriminals are leveraging an exploit in Microsoft Excel to disseminate a fileless version of the Remcos RAT malware.
Through this exploit, malicious actors send meticulously crafty phishing emails to deploy the malware without it ever touching the filesystem, thereby outmaneuvering traditional security defenses.
Understanding Remcos RAT
Remote Control & Surveillance (Remcos) is a legitimate commercial Remote Access Tool (RAT) that can also be manipulated into a malicious software.
It was famously used in 2016 when it was embedded in a Turkish word document that was associated with a widespread phishing attack.
Though it is originally designed to provide remote access to a system, nefarious actors have transformed and evolved it into a full-blown malware tool.
The Excel Exploit
The Excel exploit in question uses an Excel formula to automatically execute a Powershell command when the spreadsheet is opened, without any macro script involvement, which is a traditional sign of malicious intent.
In this instance, attackers filled a cell with a formula that triggers the “cmd” command line, which in turn runs a script to download and execute the payload directly into the computer’s memory.
Fight Against Fileless Malware
One major reason why this type of attack is so dangerous and asymmetric is because fileless malware resides in volatile storage like RAM, rather than the hard disk.
Therefore, they evade standard antivirus detection methods that scan disk storage, making it challenging for cyber defense teams to discover.
However, there are practical means to prevent such attacks.
One of the proven ways is to limit the use of Powershell and other scripting languages to only trusted and necessary applications.
Cybersecurity professionals also recommend applying a ‘default deny’ security posture, which stops all untrusted applications by default.
On the horizon, there is hope.
Cybersecurity professionals continue to learn about these types of attacks and are designing sophisticated methods to combat such ever-mutating threats.
Conclusion
In combating fileless malware, staying informed and vigilant is the key.
Adhering to cybersecurity best practices such as strong unique passwords, regular software updates, and educating employees about the common signs of phishing attacks can contribute to a robust defense against these sophisticated attacks.
Follow-Up Reading