Remcos RAT variant with real-time surveillance and evasion

Malware Activity
Happening score
H score 16
1 unique source, 1 article

Summary

A newly observed Remcos RAT variant now enables real-time surveillance on compromised Windows systems, increasing the risk of immediate webcam monitoring and live keylogging. The malware also uses stronger evasion techniques and runtime-only configuration handling to reduce detection. It shifts data theft toward direct communication with attacker-controlled servers, leaving fewer forensic traces. The update materially expands what operators can do after infection.

Related Happenings

Vect 2.0 ransomware wiper-flaw activity

Malware Activity
First: 29.04.2026 18:23 Last: 29.04.2026 18:23 Sources 1

About this happening: The **Vect 2.0** ransomware variant now **permanently destroys large files** instead of encrypting them, which can leave defenders without a recoverable copy. The flaw affects ver...

VECT 2.0 ransomware-branded file destruction malware

Malware Activity
First: 28.04.2026 17:01 Last: 28.04.2026 17:01 Sources 1

About this happening: The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...

GopherWhisper Go-based malware toolkit with Slack, Discord, and Outlook C2

Malware Activity
First: 23.04.2026 15:06 Last: 23.04.2026 15:06 Sources 1

About this happening: The **GopherWhisper** malware set now combines **Go-based backdoors** and **exfiltration tools** that abuse **Slack**, **Discord**, **Microsoft 365 Outlook**, and **Microsoft Grap...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Medusa ransomware post-compromise deployment

Malware Activity
First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...

Timeline

  1. 19.02.2026 18:30 2 articles · 3mo ago

    Point Wild reports Remcos RAT real-time surveillance variant

    Initial Disclosure

    Point Wild's Lat61 Threat Intelligence team reported a newly observed Remcos RAT variant on Windows systems that streams webcam footage in real time, transmits keystrokes instantly, decrypts its configuration only at runtime, dynamically loads critical Windows APIs, uses encrypted C2 channels with modular DLL-delivered plugins, and removes logs, browser data, screenshots, audio recordings, and persistence artifacts after exfiltration.
