We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:MSIL/Remcos
Aliases: No associated aliases
Summary
Remcos is used to take control of an infected system and collect system information like keystrokes, webcam images, screen captures, and passwords.Â
Remcos supports many control commands to perform various tasks on a victim’s device.
Based on command-and-control (C2) commands, it can do further malicious activities such as start and stop keyloggers, download file, delete file, upload file, open and close camera, record audio, display warning message, and get clipboard data.
Read the following blogs for more information:
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
Users should keep their antivirus products up to date and do regular system scans to remove possible threats.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.