Researchers discovered that a developer remote access tool (RAT) can be used for malicious purposes.
The utility is named Remcos (short for Remote Control and Surveillance); it is developed by a company called Breaking Security, which sells it for prices that vary between €58 and €389. The tool allows full control over any edition of the Windows operating system, starting with XP and including server editions.
It can be used remotely for administration, for surveillance, as a proxy, and as an anti-theft tool for a laptop.
According to cybersecurity researchers, Remcos has been involved in multiple malware campaigns that used various methods to avoid detection. Some of the cyber attacks targeted defense contractors, international news agencies, diesel equipment manufacturers, and service providers in the energy and maritime industries.
In a campaign observed in Turkey, Remcos was delivered through carefully planned spear-phishing attacks that purported to be an official communication from the Turkish Revenue Administration, responsible for taxation in the country.
To stay away from cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running.
If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
After the attacks, the author of the tool stated:
“We have many customers ranging from IT management, cybersecurity, business owners, private users, etc. Now, due to the power and versatility of this software, some users abused it, by using it to control machines where they didn’t have ownership on. This is explicitly forbidden by our Terms of Usage, which any user must accept prior to registering and buying on our site.”
The author of the tool also says that he received no notification of abuse from researchers/analysts, although an email address set up specifically for this is published in the Contact area of the company website.
According to the analysis and observations of cybersecurity researchers, Remcos is a preferred tool for ill-intended activity. We advise organizations to make sure that their security controls take this RAT into consideration, because Remcos is a robust tool that is being actively developed to include new functionality, increasing what attackers can gain access to.
Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.