Since May 2021, a botnet known as PseudoManuscrypt has been targeting Windows workstations in South Korea, using the same delivery method as another malware family known as CryptBot. South Korean cybersecurity firm AhnLab Security Emergency Response Center (ASEC) stated that “PseudoManuscrypt is disguised as an installer that is identical to a type of CryptBot and is being spread.”

According to ASEC, approximately 30 computers in the country are infected per day on average.
An approach like this targets random users, and it has been established that a large number of PCs in Korea have been infected.

PseudoManuscrypt attacks, which Kaspersky first detected in June 2021, targeted a large number of industrial and government institutions in Russia, India, and Brazil, among other countries, including military-industrial complex firms and research centres. The campaign was publicly disclosed in December 2021, when the Russian cybersecurity firm revealed details of a “mass-scale spyware assault campaign” that had infected over 35,000 PCs in 195 countries around the world.

The graph from ASEC's report plots the number of logs collected from the start of distribution (May 2021) until the present: the number of infected PCs in green and the number of detected files in red. It shows roughly 30 PCs being infected per day on average.

The main payload module supports a wide range of actions, giving the attackers practically complete control over the compromised PC. These include stealing VPN connection details, recording audio with the microphone, capturing clipboard contents, and collecting operating system event log data.

Finally, the researchers concluded that “the malware tries to present as an illegal software installer and is delivered to random individuals through malicious websites, and users must be careful not to download related programmes. Periodic PC maintenance is required because dangerous files might be registered as a service and perform continual malicious activities without the user’s knowledge.”

Indicators Of Compromise

  • 1fecb6eb98e8ee72bb5f006dd79c6f2f
  • 5de2818ced29a1fedb9b24c1044ebd45
  • 58efaf6fa04a8d7201ab19170785ce85
  • 839e9e4d6289eba53e40916283f73ca6
  • 89c8e5a1e24f05ede53b1cab721c53d8
  • 5e6df381ce1c9102799350b7033e41df
  • a29e7bbe6dee4eea95afa3f2e3a1705a
  • 8ae40c8418b2c36b58d2a43153544ddd
  • email.yg9[.]me
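A practical way to use the indicators above is to sweep endpoints and logs for them. The script below is an added example, not tooling from ASEC, Kaspersky or this site: it assumes the eight 32-hex-digit values are MD5 file hashes (their length matches MD5; the page does not state the algorithm), refangs the defanged domain, hashes every file under a directory against the list, and flags DNS or proxy log lines that name the domain or a subdomain of it while rejecting look-alike hosts such as `notemail.yg9.me`. The log lines and the planted file are constructed for the demo.

```python
"""IOC sweep for the PseudoManuscrypt indicators listed on this page.

Added example (not ASEC's or Kaspersky's tooling). Assumptions: the hashes
are MD5 (inferred from their 32-hex-digit length), and the log format below
is a constructed resolver-log shape, not real telemetry.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# File hashes exactly as listed in the Indicators Of Compromise section.
IOC_MD5 = {
    "1fecb6eb98e8ee72bb5f006dd79c6f2f",
    "5de2818ced29a1fedb9b24c1044ebd45",
    "58efaf6fa04a8d7201ab19170785ce85",
    "839e9e4d6289eba53e40916283f73ca6",
    "89c8e5a1e24f05ede53b1cab721c53d8",
    "5e6df381ce1c9102799350b7033e41df",
    "a29e7bbe6dee4eea95afa3f2e3a1705a",
    "8ae40c8418b2c36b58d2a43153544ddd",
}

# Network indicator as printed on the page (defanged with "[.]").
IOC_DOMAINS_DEFANGED = {"email.yg9[.]me"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a matchable, lower-case hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


IOC_DOMAINS = {refang(d) for d in IOC_DOMAINS_DEFANGED}


def md5_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large installers are not loaded into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root: Path, hashes: set[str] = IOC_MD5) -> list[tuple[str, str]]:
    """Return (path, md5) for every regular file under root whose MD5 is an IOC."""
    hits = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        try:
            digest = md5_of_file(p)
        except OSError:
            continue  # locked or unreadable: skip it rather than abort the sweep
        if digest in hashes:
            hits.append((str(p), digest))
    return hits


# Anything that looks like a hostname: dot-joined labels, optional trailing dot.
_HOST_RE = re.compile(r"(?<![\w.-])([a-z0-9-]+(?:\.[a-z0-9-]+)+)\.?(?![\w-])", re.I)


def host_matches(host: str, domains: set[str] = IOC_DOMAINS) -> bool:
    """Exact match or a subdomain; 'notemail.yg9.me' must NOT match 'email.yg9.me'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log_lines(lines, domains: set[str] = IOC_DOMAINS) -> list[tuple[int, str]]:
    """Return (1-based line number, line) for lines that reference an IOC domain."""
    hits = []
    for n, line in enumerate(lines, start=1):
        if any(host_matches(m.group(1), domains) for m in _HOST_RE.finditer(line)):
            hits.append((n, line))
    return hits


# Constructed sample lines (not real telemetry). Lines 2 and 3 should fire;
# line 4 is a look-alike host that a naive substring check would wrongly flag.
SAMPLE_DNS_LOG = [
    "2021-11-03T09:14:02Z client 10.0.0.12 query A www.example.com",
    "2021-11-03T09:14:05Z client 10.0.0.12 query A email.yg9.me",
    "2021-11-03T09:14:09Z client 10.0.0.12 query A cdn.email.yg9.me",
    "2021-11-03T09:14:11Z client 10.0.0.12 query A notemail.yg9.me",
]


def demo() -> tuple[list[tuple[str, str]], list[int]]:
    """Plant a scratch file, add its MD5 as a pretend indicator, and run both sweeps."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "setup.exe").write_bytes(b"not a real installer")  # constructed
        (root / "readme.txt").write_bytes(b"benign")
        planted = hashlib.md5(b"not a real installer").hexdigest()
        hash_hits = scan_tree(root, IOC_MD5 | {planted})
    log_hits = [n for n, _ in scan_log_lines(SAMPLE_DNS_LOG)]
    return hash_hits, log_hits


if __name__ == "__main__":
    files, lines = demo()
    print("hash hits:", files)   # the planted setup.exe only
    print("log hits :", lines)   # [2, 3]
```

Run it against a real download directory with `scan_tree(Path(r"C:\Users\...\Downloads"))` and against exported resolver or proxy logs with `scan_log_lines(open(path))`; because the domain matcher works on whole hostnames rather than substrings, it catches `cdn.email.yg9.me` without raising a false alarm on `notemail.yg9.me`.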

For more cyber security news in crisp content, please follow our site via Twitter handle @cyberworkx1 and LinkedIn handle @linkedin.
