EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

Summary: The EncryptHub threat actor has exploited a zero-day vulnerability in Microsoft Windows (CVE-2025-26633) to deploy multiple malware families, including the Rhadamanthys and StealC information stealers. The attack abuses the Microsoft Management Console (MMC) to execute malicious payloads, maintain persistence, and steal sensitive information from compromised systems. Trend Micro has named the exploitation technique MSC EvilTwin and is monitoring the Russian-linked actor's related activity.

Affected: Microsoft Windows

Key points:

  • EncryptHub exploited CVE-2025-26633 to deliver malware via manipulated .msc (Microsoft Management Console snap-in) files.
  • The attack uses a PowerShell loader that abuses the MMC's file-loading behavior so that it executes a malicious .msc file in place of a legitimate one.
  • Victims are typically lured into downloading digitally signed installer files that impersonate legitimate Chinese software; running the installer leads to malware execution.
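The execution chain above (a PowerShell loader starting MMC, which then opens an attacker-supplied .msc file) gives defenders a hunt pattern: mmc.exe spawned by a PowerShell host while loading a console from outside the Windows system directories. The following is example detection logic added to this summary; it is not Trend Micro's or the attacker's code. The process-creation events are constructed to resemble Sysmon Event ID 1 fields, and the choice of script hosts and trusted console directories is an assumption for illustration.

```python
"""Hunt for mmc.exe loading a .msc console from a user-controllable path
when launched by a PowerShell script host, the execution pattern that the
CVE-2025-26633 (MSC EvilTwin) summary describes.  Example code written for
this summary; the event records below are constructed, not real telemetry."""
import re
from pathlib import PureWindowsPath

# Script hosts a loader would use to start MMC (assumption: PowerShell family only).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Directories where Microsoft's own consoles live; anything else is user-controllable.
SYSTEM_MSC_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# First .msc argument on the command line, quoted (may contain spaces) or bare.
MSC_ARG = re.compile(r'"([^"]+\.msc)"|(\S+\.msc)(?=\s|$)', re.IGNORECASE)

# Constructed sample process-creation events (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" C:\Users\alice\AppData\Local\Temp\WmiMgmt.msc'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc'},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\compmgmt.msc'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" "C:\Users\bob\Documents\My Consoles\custom.msc"'},
    {"ParentImage": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" C:\Users\Public\Libraries\DiskMgmt.msc'},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c whoami'},
]


def msc_path(cmdline: str):
    """Return the .msc file MMC was asked to open, or None if mmc.exe started bare."""
    m = MSC_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def in_system_dir(path: str) -> bool:
    """True only for consoles under System32/SysWOW64.  A bare file name is not
    trusted: MMC resolves it relative to the loader's working directory."""
    return path.lower().startswith(SYSTEM_MSC_DIRS)


def reasons(event: dict) -> list:
    """List the signals that make a process-creation event look like scripted .msc abuse."""
    if PureWindowsPath(event["Image"]).name.lower() != "mmc.exe":
        return []
    out = []
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    if parent in SCRIPT_HOSTS:
        out.append(f"mmc.exe spawned by script host {parent}")
    console = msc_path(event["CommandLine"])
    if console is not None and not in_system_dir(console):
        out.append(f"console loaded from non-system path {console}")
    return out


def is_suspicious(event: dict) -> bool:
    """Require both signals.  A script-host parent alone is how administrators
    automate MMC, and a non-system .msc alone is how custom consoles are shared,
    so either on its own would drown the hunt in benign hits."""
    return len(reasons(event)) == 2


def hunt(events):
    """Return (command line, reasons) for every event that matches the pattern."""
    return [(e["CommandLine"], reasons(e)) for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for cmdline, why in hunt(SAMPLE_EVENTS):
        print(cmdline)
        for r in why:
            print("   -", r)
```

On the constructed sample only the two events where a PowerShell host starts mmc.exe with a console from a user-writable location are flagged; an administrator's script opening compmgmt.msc and a user double-clicking a custom console from Documents are left alone. In production the same two signals would come from your EDR's process-creation telemetry, and the trusted-directory list should be widened to wherever your organisation legitimately deploys .msc files.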

Source: https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html