Remcos RAT C2 Activity Mapped

Source: Cyber Security News

Remcos, originally marketed as administrative software, has become a serious security risk because of its widespread use among threat actors. The malware lets attackers execute remote commands, steal files, and log keystrokes, communicating with its command-and-control servers over HTTP and HTTPS.

Its infrastructure is extensive: over 150 active command-and-control servers were tracked between October and November 2025, primarily on port 2404, while also operating on several other ports. Remcos' persistence mechanisms, such as Scheduled Tasks and Registry Run-key entries, maintain malicious access even after system reboots, which highlights the need for immediate intervention and robust security measures at vulnerable organizations.
