SHADOW#REACTOR Remcos RAT delivery chain

Malware Activity
Happening score: 28
1 unique source, 1 article

Summary

Researchers analyzed SHADOW#REACTOR, a multi-stage Windows malware campaign that uses script-based staging and in-memory loaders to quietly deliver Remcos RAT, increasing the risk of covert remote access on infected systems. The chain abuses wscript.exe and MSBuild.exe, reconstructs encoded payload fragments from remote text files, and hides activity with obfuscated VBS and PowerShell. Its design is meant to evade detection while enabling remote control, file access, and command execution.

Related Happenings

DRILLAPP JavaScript backdoor through Microsoft Edge

Malware Activity
First: 16.03.2026 11:07 Last: 16.03.2026 11:07 Sources 1

About this happening: Observed in **February 2026**, the **DRILLAPP** backdoor now runs through **Microsoft Edge**, giving it **file access** plus access to the **microphone**, **webcam**, and **screen...

ClickFix Windows Terminal Lumma Stealer campaign

Campaign
First: 06.03.2026 08:44 Last: 06.03.2026 08:44 Sources 1

About this happening: A **widespread ClickFix** campaign is abusing **Windows Terminal (wt.exe)** to run malicious commands and deploy **Lumma Stealer**, expanding the risk of credential theft and brow...

Windows 11 Insider Preview adds secure batch-file execution controls

Security Tool/Service
First: 27.02.2026 22:00 Last: 27.02.2026 22:00 Sources 1

About this happening: **Microsoft** is adding a more secure batch-file and CMD-script execution mode in **Windows 11 Insider Preview builds**, which matters for **enterprise scripted workflows** that n...

Trojanized gaming utility RAT delivery campaign via browsers and chat platforms

Campaign
First: 27.02.2026 12:06 Last: 27.02.2026 12:06 Sources 1

About this happening: Threat actors are running a **trojanized gaming utility** delivery campaign through **browsers and chat platforms**, putting **unsuspecting users** at risk of **RAT infection** an...

Remcos RAT variant with real-time surveillance and evasion

Malware Activity
First: 19.02.2026 18:30 Last: 19.02.2026 18:30 Sources 1

About this happening: A newly observed **Remcos RAT** variant now enables **real-time surveillance** on compromised **Windows** systems, increasing the risk of immediate **webcam monitoring** and **liv...

Timeline

  1. 13.01.2026 18:00 2 articles · 4mo ago

    Securonix analyzes SHADOW#REACTOR Remcos RAT delivery chain

    Initial Disclosure

    Securonix Threat Research analyzed SHADOW#REACTOR, a multi-stage Windows malware campaign that uses obfuscated VBS launched via wscript.exe, heavily encoded PowerShell in memory, remote text payload fragments, a .NET assembly protected with .NET Reactor, and MSBuild.exe to evade detection and deliver Remcos RAT for remote control, file access, command execution, and optional surveillance.
