APT / THREAT GROUP

Remcos

5
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.

Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.

Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.

Remcos is developed by the cybersecurity company BreakingSecurity.

Threat Analysis

Remcos is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning Remcos

External References

Quick Facts

TypeAPT / Threat Group
Aliases5

Also Known As

win.remcosRemcosRATRemvioRemcosSocmer

External Intelligence

Malpedia: win.remcos

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.