securityonline.info 6/5/2026, 9:32:24 AM · external

New Remcos RAT variant evades detection via phishing batch file


The article discusses a new variant of the Remcos RAT (Remote Access Trojan) discovered by G Data analysts, which uses advanced evasion tactics to infiltrate corporate networks. The infection chain begins with a phishing email carrying a malicious batch file disguised as a corporate document. When executed, the batch file leverages legitimate Windows administrative components to avoid detection by antivirus software. The malware then downloads additional tools while disguising its payload to appear benign.

The final stage involves an in-memory code injection using DonutLoader shellcode, which further complicates detection. To combat this threat, security experts recommend updating network security protocols, blocking unauthorized script executions, and monitoring unusual system behavior.


Article by CyberSIXT