- AhnLab Security Intelligence Center (ASEC) confirmed that the Remcos RAT malware is being distributed through UUE (UUEncoding) files compressed with Power Archiver.
- The phishing email disguises itself as an email related to export-import shipping or a quotation, so recipients need to be cautious.
- The attacker distributes a VBS script file encoded in UUEncoding format through an attachment in the email.
- UUEncoding is a method used for exchanging data between Unix systems, where binary data is encoded into ASCII text format.
- The structure of a UUE (UUEncoding) file consists of a header (begin), encoded data, and an end marker (end).
- The attacker attempted to bypass detection by using UUEncoding.
https://asec.ahnlab.com/ko/65790/