Summary: A new cybercriminal entity named EncryptHub has drawn attention for its sophisticated multi-stage attack strategies and reliance on trojanized applications. Outpost24's KrakenLabs report reveals EncryptHub's operational missteps, increasing the understanding of their techniques and infrastructure. The group is also developing a remote access tool (RAT) called EncryptRAT, potentially to be commercialized for other cybercriminals.
Affected: Enterprises and individual users
Key points:
- EncryptHub uses trojanized applications to distribute malware disguised as popular software.
- The group partners with underground services to automate malware distribution.
- Multiple operational security mistakes by EncryptHub have inadvertently exposed their tactics and tools.
- The multi-stage kill chain includes PowerShell scripts that gather system information and disable security measures.
- EncryptRAT is in development; it enables remote management of infections and may be sold to other cybercriminals.