APT / THREAT GROUP
Remcos
5
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.
Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.
Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.
Remcos is developed by the cybersecurity company BreakingSecurity.
Threat Analysis
Remcos is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Remcos
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
SANS ISC· Jun 16, 2026
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
SANS ISC· Mar 24, 2026
SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
SANS ISC· Mar 13, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases5
Also Known As
win.remcosRemcosRATRemvioRemcosSocmer
External Intelligence
Malpedia: win.remcosResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.