Cybersecurity analysts at security firm ASEC recently identified a new malware, dubbed PseudoManuscrypt, on many Windows systems located in South Korea.
PseudoManuscrypt has used the same delivery tactics as another malware, CryptBot, since May 2021. It is mainly disseminated via malicious websites that appear on the top search pages of several search engines.
The experts from security firm ASEC stated:
“PseudoManuscrypt is masquerading as an installer similar to Cryptbot’s form and is being distributed. Not only is the file format similar to Cryptbot, but it is also circulated via malicious sites that are exposed on top search pages when users search for illegal programs related to commercial software such as Crack and Keygen.”
In South Korea, PseudoManuscrypt infects more than 30 computers on average every day. The malware was originally tracked by Kaspersky in December 2021.
At the time of the initial discovery, Kaspersky disclosed key data and fragments from a large-scale spyware attack campaign that has compromised more than 35,000 systems in 195 countries worldwide.
[Figure: operation flow of the PseudoManuscrypt malware]
With full-featured payload modules, the threat actors behind this malware can take complete control over compromised systems with multiple spying capabilities.
Compromised data types
Below are the types of data that threat actors compromise by spreading this malware on targeted systems:
- VPN connection information
- Clipboard data
- Audio data
- List of shared network folders
- Process information receiving TCP and UDP ports
- File version information of the running process
- C2 : email.yg9[.]I
- Download file
- Execute arbitrary commands
- Record keystrokes
- Capture screenshot
- Screen video
The targets of the PseudoManuscrypt malware were initially disclosed in June 2021 and include the following organizations and companies from Russia, India and Brazil:
- Industrial organizations
- Government organizations
- Private companies
- Military-industrial complex companies
- Research laboratories
In addition, all malicious files downloaded by PseudoManuscrypt can be registered as services so that they carry out malicious activities continuously, impersonating periodic PC maintenance to deceive users.