
New Malware Campaign Uses PowerShell-Based Shellcode Loader to Deploy Remcos RAT
A new malware campaign is utilizing a PowerShell-based shellcode loader to deploy a remote access Trojan called Remcos RAT. Attackers are distributing malicious LNK files embedded in ZIP archives, often disguised as Office documents. The attack chain exploits mshta.exe to execute the malicious code. This information was reported by Akshay Thorve, a security researcher at Qualys.
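
For triage at a mail gateway or file share, the delivery stage described above (a shortcut file inside a ZIP archive, named to look like an Office document) can be checked statically. The following is an added example, not code from the Qualys report: the function names, the list of Office extensions and the sample archive are assumptions made for illustration. It identifies shortcuts by the Shell Link header bytes as well as by extension, so a renamed shortcut is still reported.

```python
import io
import re
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x0000004C followed by the LinkCLSID
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Assumed decoy pattern: an Office extension directly before the real .lnk one
OFFICE_DECOY = re.compile(r"\.(docx?|xlsx?|pptx?|rtf)\.lnk$", re.I)


def scan_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that is a Windows shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # password-protected member: name check only
                head = b""
            else:
                with zf.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            by_content = head == LNK_MAGIC
            by_name = info.filename.lower().endswith(".lnk")
            if not (by_content or by_name):
                continue
            findings.append({
                "name": info.filename,
                "lnk_by_content": by_content,
                "office_decoy_name": bool(OFFICE_DECOY.search(info.filename)),
                "size": info.file_size,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a text file, a decoy-named shortcut, a renamed shortcut."""
    fake_lnk = LNK_MAGIC + b"\x00" * 60  # header bytes only, not a working shortcut
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("Invoice_2025.docx.lnk", fake_lnk)
        zf.writestr("notes.dat", fake_lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

A finding with `office_decoy_name` set is the pattern the report describes; a finding with `lnk_by_content` set but no `.lnk` extension is a shortcut that has been renamed and deserves the same scrutiny.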