I spotted a malicious RAR archive that contained a VBS script. It was called “Unidad judicial citacion pendiente Fiscalia.rar” and protected with a simple 4-numbers password to defeat automatic scanning. Inside, the VBS script has the same name. Both are unknown to VT.
Remcos Downloader with Unicode Obfuscation, (Fri, Nov 4th)
This post was originally published on this site