India, Jan. 14 -- It does not crash systems or raise alarms. It blends into everyday Windows activity and works quietly in the background. By the time it is noticed, control may already be lost.

Security teams are tracking a new malware campaign, labeled SHADOW#REACTOR, that uses a carefully staged Windows attack chain to install the Remcos Remote Access Trojan (RAT). The operation relies on scripts, text-only payloads, and trusted Windows tools to quietly gain control of infected systems. Its structure points to a financially driven effort aimed at business networks of all sizes.

SHADOW#REACTOR is the name researchers have assigned to an active malware delivery campaign that installs Remcos RAT using a multi-stage loader framework. Rat...