Table of Contents
Remcos began as a legitimate remote administration utility but has become one of the most widely deployed Remote Access Trojans (RATs) in the threat landscape. The RAT was initially used for data theft but has evolved into a real-time surveillance platform.
New variants discovered in January and February 2026 no longer wait to upload stolen files. They now stream webcam footage a...
The evolution of Remcos RAT from a legitimate tool to a real-time surveillance platform reflects a broader trend in cybercrime: the commodification of advanced capabilities. The SHADOW#REACTOR campaign’s use of text-based staging and LOLBins demonstrates how threat actors exploit blind spots in traditional security tools, leveraging legitimate infrastructure to evade detection. The shift to real-time surveillance in the February 2026 variant eliminates forensic artifacts, making incident respons...