Find notable cyber news and cases, enriched with sources, timelines, and signals.

Remcos RAT variant with real-time surveillance and evasion

Malware Activity
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

A newly observed Remcos RAT variant now enables real-time surveillance on compromised Windows systems, increasing the risk of immediate webcam monitoring and live keylogging. The malware also uses stronger evasion techniques and runtime-only configuration handling to reduce detection. It shifts data theft toward direct communication with attacker-controlled servers, leaving fewer forensic traces. The update materially expands what operators can do after infection.

Related Happenings

TinyRCT backdoor with persistence, exfiltration, and self-deletion

Malware Activity
H score22 First: 26.06.2026 13:30 Last: 26.06.2026 13:30 Sources 1

About this happening: The **TinyRCT** backdoor appeared in a **2025** intrusion operation, adding stealthy **persistent access** and **control** to the attackers' toolkit. It also supports **command ex...

Vect 2.0 ransomware wiper-flaw activity

Malware Activity
H score31 First: 29.04.2026 18:23 Last: 29.04.2026 18:23 Sources 1

About this happening: The **Vect 2.0** ransomware variant now **permanently destroys large files** instead of encrypting them, which can leave defenders without a recoverable copy. The flaw affects ver...

VECT 2.0 ransomware-branded file destruction malware

Malware Activity
H score4 First: 28.04.2026 17:01 Last: 28.04.2026 17:01 Sources 1

About this happening: The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...

GopherWhisper Go-based malware toolkit with Slack, Discord, and Outlook C2

Malware Activity
H score23 First: 23.04.2026 15:06 Last: 23.04.2026 15:06 Sources 1

About this happening: The **GopherWhisper** malware set now combines **Go-based backdoors** and **exfiltration tools** that abuse **Slack**, **Discord**, **Microsoft 365 Outlook**, and **Microsoft Grap...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
H score27 First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Timeline

  1. 19.02.2026 18:30 2 articles · 4mo ago

    Point Wild reports Remcos RAT real-time surveillance variant

    Initial Disclosure

    Point Wild's Lat61 Threat Intelligence team reported a newly observed Remcos RAT variant on Windows systems that streams webcam footage in real time, transmits keystrokes instantly, decrypts its configuration only at runtime, dynamically loads critical Windows APIs, uses encrypted C2 channels with modular DLL-delivered plugins, and removes logs, browser data, screenshots, audio recordings, and persistence artifacts after exfiltration.

    Show sources