Remcos RAT Malware: Secure Your PowerShell Against Fileless Attacks
Summary
Remcos Remote Access Trojan (RAT) is a particularly stealthy piece of malware.
It is delivered through phishing and requires no download by the victim.
After a malicious zip file link is clicked, the RAT executes HTML applications through PowerShell, and can take complete control of a system.
Protection can be achieved by following instructions to change settings within PowerShell and Windows 11/10.
These include setting PowerShell to Constrained Language Mode, and enabling “ScriptBlockLogging” to prevent remote execution of shellcode loaders in PowerShell.
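
As an added example (not from the original article), the script below audits the two settings named above from an elevated session, turns on script block logging through its Group Policy registry value if it is off, and lists recent script block events (ID 4104) that mention an HTML application host. The `mshta|\.hta` search pattern and the 500-event window are assumptions chosen for illustration; Constrained Language Mode is only reported here, since durable enforcement comes from an application control policy (WDAC or AppLocker).

```powershell
#Requires -RunAsAdministrator
# Added example: audit and harden the PowerShell settings discussed above.

# Group Policy location for "Turn on PowerShell Script Block Logging".
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Get-HardeningState {
    # Read the policy value; a missing key or value means logging is not enforced.
    $sbl = (Get-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging `
            -ErrorAction SilentlyContinue).EnableScriptBlockLogging
    [pscustomobject]@{
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode
        ScriptBlockLogging = ($sbl -eq 1)
    }
}

function Enable-ScriptBlockLogging {
    # Create the policy key if needed, then set the DWORD that enables logging.
    if (-not (Test-Path $sblKey)) { New-Item -Path $sblKey -Force | Out-Null }
    Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

$state = Get-HardeningState
if (-not $state.ScriptBlockLogging) {
    Enable-ScriptBlockLogging
    $state = Get-HardeningState
}
$state | Format-List

if ("$($state.LanguageMode)" -ne 'ConstrainedLanguage') {
    Write-Warning "Language mode is $($state.LanguageMode), not ConstrainedLanguage."
}

# Review recent script block events for HTML application launches.
# Pattern is an assumed starting point; tune it to your environment.
$filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'mshta|\.hta' } |
    Select-Object -First 20 TimeCreated, Id, Message |
    Format-List
```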