Rescoms rides waves of AceCryptor spam
Last year ESET published a blogpost about AceCryptor – one of the most popular and prevalent cryptors-as-a-service (CaaS) operating since 2016. For H1 2023 we published statistics from our telemetry, according to which trends from previous periods continued without drastic changes.
However, in H2 2023 we registered a significant change in how AceCryptor is used. Not only have we seen and blocked more than double the attacks in H2 2023 compared with H1 2023, but we also noticed that Rescoms (also known as Remcos) started using AceCryptor, which was not the case beforehand.
The vast majority of AceCryptor-packed Rescoms RAT samples were used as an initial compromise vector in multiple spam campaigns targeting European countries including Poland, Slovakia, Bulgaria, and Serbia.