
Cyber Attack Leverages UpCrypter for Delivery of Remote Access Tools

Global Phishing Campaign Uncovered: Personalized Emails and Decoy Websites Deliver Malware via UpCrypter


Cybersecurity researchers have identified a global phishing campaign that uses personalized emails and spoofed websites to push malicious downloads. It is not a simple credential-harvesting operation: the emails are the first step of a full attack chain that ends with sophisticated malware running inside corporate environments.

The campaign uses a custom loader called UpCrypter to install Remote Access Trojans (RATs) such as PureHVNC, DCRat, and Babylon RAT. UpCrypter downloads additional components, executes them in memory, and establishes persistence by modifying registry keys. If it suspects it is being analysed, UpCrypter forces a system restart to disrupt the investigation.

The lures vary: some emails pose as voicemail notifications, others as purchase orders. Each email leads to a spoofed website tailored to the recipient, which prompts the victim to download a ZIP archive containing an obfuscated JavaScript file. Opening that script is what starts the infection chain, so the archive should never be downloaded or run.
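The lure described above ends with a ZIP attachment whose only content is an obfuscated script. As an added example (not code from the article or from the researchers who reported the campaign), the following Python triages such an archive without executing anything: it lists the entries, flags extensions that Windows runs directly on double-click, and scores the script text with a few obfuscation heuristics. The sample ZIP, its file name, the script contents and the scoring thresholds are all constructed for illustration, not campaign artifacts.

```python
import io
import math
import os
import re
import zipfile

# Extensions that Windows runs directly on double-click (WSH, HTA, PowerShell, cmd).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".cmd", ".bat"}
# Subset that is plain text and worth scoring for obfuscation.
TEXT_SCRIPTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encoded script text scores higher than plain source."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def obfuscation_score(script: str) -> int:
    """Count simple heuristics that obfuscated droppers tend to trip (0 = none tripped)."""
    score = 0
    if max(len(line) for line in script.splitlines() or [""]) > 500:
        score += 1                                   # minified / single-line blob
    if re.search(r"\b(eval|unescape|String\.fromCharCode|ActiveXObject)\b", script):
        score += 1                                   # runtime decoding or WSH COM access
    if len(re.findall(r"\\x[0-9a-fA-F]{2}", script)) > 20:
        score += 1                                   # heavy use of hex escapes
    if shannon_entropy(script.encode("utf-8", "replace")) > 5.0:
        score += 1                                   # high entropy: packed or encoded text
    return score


def triage_zip(zip_bytes: bytes) -> list[dict]:
    """Inspect every entry of an attachment ZIP without executing anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            record = {"name": info.filename, "script": ext in SCRIPT_EXTENSIONS, "obfuscation": 0}
            if ext in TEXT_SCRIPTS:
                text = zf.read(info).decode("utf-8", errors="replace")
                record["obfuscation"] = obfuscation_score(text)
            findings.append(record)
    return findings


def verdict(findings: list[dict]) -> str:
    """block: obfuscated script inside; quarantine: any script; allow: nothing executable."""
    if any(f["script"] and f["obfuscation"] >= 2 for f in findings):
        return "block"
    if any(f["script"] for f in findings):
        return "quarantine"
    return "allow"


# Constructed sample: a voicemail-themed ZIP carrying an obfuscated-looking .js file
# (hypothetical content written to exercise the heuristics, not a real dropper).
SAMPLE_JS = (
    'var a=["' + "".join("\\x%02x" % ord(c) for c in "WScript.Shell") + '"];'
    'eval(unescape("' + "".join("%%%02X" % ord(c) for c in "new ActiveXObject(a[0])") + '"));'
) * 10


def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Voicemail_3921.js", SAMPLE_JS)
    return buf.getvalue()


def build_benign_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% constructed placeholder, not a real document\n")
    return buf.getvalue()


if __name__ == "__main__":
    findings = triage_zip(build_sample_zip())
    for f in findings:
        print(f)
    print("verdict:", verdict(findings))
```

The heuristics are deliberately cheap so they can run on every inbound attachment at the mail gateway; they will not catch every packer, but a script-only ZIP with no document inside is itself the strongest signal here, which is why `verdict` quarantines any executable script regardless of score.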

Industries most affected include manufacturing, technology, healthcare, construction, and retail/hospitality. Users and organizations are urged to take this threat seriously, use strong email filters, and ensure staff are trained to recognize and avoid these types of attacks.

In some cases, the payload is hidden inside image files using steganography so that it passes security scanners that only look at the file type. UpCrypter also checks for forensic tools, virtual machines, and sandboxes before it runs its payload.
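The article does not say how the payload is embedded in the images. The simplest and most common form of this trick is data appended after the image's end-of-file marker, which viewers ignore and type-based scanners never read. As an added example (not code from the article or the researchers), the following Python walks the real structure of a PNG (chunk list up to IEND) or a JPEG (marker segments, including the entropy-coded scan) and returns whatever trails the end marker. It will not catch payloads encoded in pixel values; that limitation is stated, not solved, here. The sample images and the `MZ` stand-in payload are constructed for the example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"


def png_trailing_data(blob: bytes) -> bytes:
    """Walk the PNG chunk list and return everything after the IEND chunk."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):                 # 4 length + 4 type + 4 CRC minimum
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("truncated chunk at offset %d" % pos)
        if ctype == b"IEND":
            return blob[end:]
        pos = end
    raise ValueError("no IEND chunk")


def jpeg_trailing_data(blob: bytes) -> bytes:
    """Walk JPEG marker segments (including the scan) and return everything after EOI."""
    if not blob.startswith(JPEG_SOI):
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 2 <= len(blob):
        if blob[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = blob[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                       # EOI: the image ends here
            return blob[pos + 2:]
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:   # standalone markers, no length
            pos += 2
            continue
        if pos + 4 > len(blob):
            raise ValueError("truncated segment at offset %d" % pos)
        seglen = struct.unpack(">H", blob[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:                       # SOS: skip entropy-coded data to the next real marker
            while pos + 1 < len(blob):
                nxt = blob[pos + 1]
                if blob[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                        # 0xFF00 is a stuffed byte, RSTn are restart markers
                pos += 1
    raise ValueError("no EOI marker")


def image_trailing_data(blob: bytes) -> bytes:
    """Dispatch on magic bytes; b"" means nothing follows the image's end marker."""
    if blob.startswith(PNG_SIG):
        return png_trailing_data(blob)
    if blob.startswith(JPEG_SOI):
        return jpeg_trailing_data(blob)
    raise ValueError("unsupported image format")


# Constructed samples for the example (not real campaign artifacts).

def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))


def build_png(trailer: bytes = b"") -> bytes:
    """A valid 1x1 RGB PNG, optionally with data appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)      # 1x1, 8-bit, colour type 2 (RGB)
    idat = zlib.compress(b"\x00\x00\x00\x00")                # filter byte + one black pixel
    return (PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat)
            + _png_chunk(b"IEND", b"") + trailer)


def build_jpeg(trailer: bytes = b"") -> bytes:
    """A marker-level JPEG skeleton (enough structure to parse, not a decodable picture)."""
    app0 = b"\xff\xe0" + struct.pack(">H", 7) + b"JFIF\x00"
    sos = b"\xff\xda" + struct.pack(">H", 2) + b"\x12\xff\x00\x34"   # scan data with a stuffed 0xFF
    return JPEG_SOI + app0 + sos + b"\xff\xd9" + trailer


if __name__ == "__main__":
    payload = b"MZ" + b"\x90" * 16                           # stand-in for a hidden payload
    samples = (("clean.png", build_png()), ("stego.png", build_png(payload)),
               ("stego.jpg", build_jpeg(payload)))
    for name, img in samples:
        extra = image_trailing_data(img)
        print(f"{name}: {len(extra)} trailing byte(s)" + (" <- suspicious" if extra else ""))
```

Run this over images that arrive as email attachments or that a loader fetches from the web; any non-empty result is worth a look, and a result that starts with a known executable or archive header is a strong indicator. A scanner that stops at the file's magic bytes would pass all three samples.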

The campaign is expanding rapidly, with detections doubling in two weeks. The RATs it delivers give attackers keylogging, file theft, and full remote control of the victim's machine.

This news serves as a reminder for users and organizations to prioritise cybersecurity measures and stay informed about the latest threats in the digital landscape. By being vigilant and adopting best practices, we can collectively work towards a safer online environment.
