Find notable cyber news and cases, enriched with sources, timelines, and signals.

Remcos RAT runtime decryption and dynamic API loading analysis

Technical Analysis
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

A newly observed Remcos RAT variant now uses runtime decryption and dynamic Windows API loading to reduce detection and frustrate static analysis on Windows systems. The analysis also shows modular DLL delivery, real-time webcam streaming, and instant keylogging, increasing operational stealth and the speed of exfiltration.

Related Happenings

Millenium RAT Windows malware activity and native C++ rewrite

Malware Activity
H score62 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance

Technical Analysis
H score34 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...

SPECTRALVIPER DLL sideloading backdoor activity

Malware Activity
H score31 First: 11.06.2026 12:45 Last: 11.06.2026 12:45 Sources 1

About this happening: The **SPECTRALVIPER** backdoor was executed on affected **Windows** hosts through a **DLL sideloading** chain during **October 2025 to March 2026**, giving operators a way to run...

UAT-9244 TernDoor, PeerTime, and BruteEntry malware activity

Malware Activity
H score22 First: 06.03.2026 01:19 Last: 06.03.2026 01:19 Sources 1

About this happening: A **China-linked** malware cluster has been using **TernDoor**, **PeerTime**, and **BruteEntry** to compromise **telecommunication providers in South America** and turn infected s...

Timeline

  1. 19.02.2026 18:30 2 articles · 4mo ago

    Remcos RAT adds runtime decryption and real-time surveillance

    Technical Analysis Update

    Point Wild's Lat61 Threat Intelligence team detailed a newly observed Remcos RAT variant on Windows systems that streams webcam footage in real time, transmits keystrokes instantly, decrypts its configuration only at runtime, dynamically loads critical Windows APIs, retrieves webcam modules from C2 on demand, and cleans up logs, screenshots, audio recordings, browser cookies, persistence keys, and temporary files after exfiltration.

    Show sources