Windows Users: Global UpCrypter Phishing Attack is Expanding
Briefly

"The phishing emails arrive disguised as missed voicemails or purchase orders. Victims who click on the attachments are redirected to fake websites, designed to appear convincing, often featuring company logos to increase trust. According to Fortinet, these phishing pages prompt users to download a ZIP file containing a heavily disguised JavaScript dropper. Once opened, the script triggers PowerShell commands in the background that connect to attacker-controlled servers for the next stage of malware."
"Once executed, UpCrypter scans the system to see if it is being analyzed in a sandbox or by forensic tools. If such monitoring is detected, the loader forces a reboot to break the investigation. If no obstacles are found, the malware proceeds to download and run further payloads. In some cases, attackers conceal these files inside images through steganography, a tactic that helps bypass antivirus software detection."
A surge of phishing emails targets Microsoft Windows devices by posing as missed voicemails or purchase orders and redirecting victims to convincing fake websites. These pages entice users to download ZIP files containing heavily disguised JavaScript droppers that execute PowerShell commands to contact attacker-controlled servers. UpCrypter acts as a loader that detects sandbox or forensic analysis and forces a reboot if monitoring is present, otherwise downloading further payloads. Attackers sometimes hide payloads inside images using steganography to bypass antivirus detection. Final payloads observed include remote access tools such as PureHVNC and DCRat.
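Two defensive checks that follow directly from the chain described above, written here as an added example (not code from TechRepublic, Fortinet, or the UpCrypter report): a mail-gateway style inspection that lists script droppers inside a ZIP attachment without extracting or running anything, and a triage pass over process-creation events that flags PowerShell launched by a Windows Script Host process, the parent/child pairing the JavaScript-dropper-to-PowerShell step produces. The ZIP fixture, the Sysmon-style event records, the extension list and the command-line indicator fragments are all constructed or assumed for the example.

```python
import io
import zipfile

# Extensions of script droppers that have no business inside a "voicemail"
# or "purchase order" attachment. Assumed list, not taken from the article.
DROPPER_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return archive member names whose extension marks them as a script dropper.

    Inspection works on the raw ZIP bytes, so the archive never touches disk
    and nothing inside it is executed.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [
            name for name in archive.namelist()
            if name.lower().endswith(DROPPER_EXTENSIONS)
        ]


def build_sample_zip() -> bytes:
    """Constructed fixture: a ZIP shaped like the lure, with a harmless body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Voicemail_0412.js", "// constructed placeholder, not a dropper\n")
        archive.writestr("readme.txt", "nothing to see here\n")
    return buf.getvalue()


# Constructed process-creation events, reduced to a few Sysmon-style fields.
# The third event is benign: an administrator running PowerShell from cmd.exe.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -nop -enc <base64-placeholder>"},
    {"ProcessId": 4188, "ParentImage": r"C:\Windows\System32\cscript.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -Command "Get-Date"'},
    {"ProcessId": 5002, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -Command "Get-Service"'},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Command-line fragments that raise severity; assumed indicators, not from the article.
HIGH_RISK_FRAGMENTS = ("-enc", "encodedcommand", "-w hidden", "windowstyle hidden",
                       "downloadstring", "invoke-webrequest", "net.webclient")


def basename(path: str) -> str:
    """Last path component, case-folded, accepting Windows or POSIX separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_script_host_to_powershell(events: list[dict]) -> list[tuple[int, str]]:
    """Flag PowerShell launched by a Windows Script Host process.

    Returns (ProcessId, severity) pairs: "high" when the command line also
    carries encoding, hidden-window or download indicators, else "medium".
    """
    hits = []
    for event in events:
        if basename(event["ParentImage"]) not in SCRIPT_HOSTS:
            continue
        if basename(event["Image"]) not in POWERSHELL:
            continue
        cmd = event["CommandLine"].lower()
        severity = "high" if any(f in cmd for f in HIGH_RISK_FRAGMENTS) else "medium"
        hits.append((event["ProcessId"], severity))
    return hits


if __name__ == "__main__":
    print("dropper members:", suspicious_members(build_sample_zip()))
    print("flagged processes:", flag_script_host_to_powershell(SAMPLE_EVENTS))
```

The ZIP check is deliberately extension-based and read-only so it can sit in front of any further analysis; the process check keys on the parent/child relationship rather than on PowerShell alone, which keeps ordinary administrative use (the cmd.exe-parented event) out of the alert queue while still catching a script-host launch even when the command line carries no obvious indicators.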
Read at TechRepublic