Remcos RAT is a fileless version of the well-known commercial malware Remcos. The attack persuades recipients to open a Microsoft Excel attachment by using lures with a purchase order theme. The malicious Excel document is made to take advantage of a known Office remote code execution vulnerability.
The revelation coincides with Wallarm's discovery that threat actors are misusing DocuSign APIs to send phony invoices that look real in an effort to trick gullible users and launch large-scale phishing campaigns. "These incidents use genuine DocuSign accounts and templates to impersonate reputable companies, unlike traditional phishing scams that rely on deceptively crafted emails and malicious links," Wallarm wrote in a blog post last week. After that, the accounts are used to generate custom invoice templates that imitate requests to e-sign documents from reputable companies like Norton Antivirus.

Multiple ZIP archives are appended to a single file using this method, which creates security risks because of the disparity. According to a security expert, "threat actors know these tools will often miss or overlook the malicious content hidden within concatenated archives."

Additionally, a threat actor called Venture Wolf has been connected to phishing attacks using MetaStealer, a fork of the RedLine Stealer malware, that target the Russian manufacturing, construction, IT, and telecommunications sectors. The threat actor is known to target the IT and construction industries and is thought to be based in the United States. The malware, which is reportedly in the form of a file-sharing program called Stuxnet that can be used to share files between numerous computers simultaneously, has not yet been found.
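For the concatenated ZIP archives mentioned above, a scanner can count End of Central Directory (EOCD) records instead of trusting only the last one. The sketch below is an added example, not code from the article or from any vendor it cites; the file names and contents are constructed, and the function names are hypothetical.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"       # End of Central Directory record
CDH_SIG = b"PK\x01\x02"        # central directory file header
EOCD_FMT = "<4sHHHHIIH"        # fixed 22-byte part of the EOCD


def make_zip(name: str, content: bytes) -> bytes:
    """Build a one-file archive in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def find_eocd_records(data: bytes):
    """Return (eocd_offset, entry_count, bytes_before_archive) per archive found."""
    records = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + 22 <= len(data):
            fields = struct.unpack_from(EOCD_FMT, data, pos)
            total, cd_size, cd_offset = fields[4], fields[5], fields[6]
            cd_start = pos - cd_size  # the central directory ends where the EOCD starts
            # Accept the hit only if a central directory really sits in front of it.
            if cd_start >= cd_offset and (
                cd_size == 0 or data[cd_start:cd_start + 4] == CDH_SIG
            ):
                records.append((pos, total, cd_start - cd_offset))
        pos = data.find(EOCD_SIG, pos + 1)
    return records


def last_directory_view(data: bytes):
    """Names seen by a reader that trusts only the final EOCD (Python's zipfile)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    first = make_zip("first.txt", b"visible in the first archive")
    second = make_zip("second.txt", b"visible in the second archive")
    combined = first + second  # same result as `cat first.zip second.zip`
    print("archives found:", len(find_eocd_records(combined)))
    print("reader sees:", last_directory_view(combined))
```

A ZIP stored uncompressed inside another ZIP also produces more than one EOCD hit, so a count above one is a reason to unpack every directory and scan each, not a verdict on its own.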











