According to Kaspersky, a new malware botnet known as PseudoManuscrypt has hijacked around 35,000 Windows systems this year. The malware, which was first discovered in January 2021, is now spread through unlicensed software installers and app exploits promoted on many websites.
The new malware was detected after it infiltrated devices operating industrial control systems managed by Kaspersky’s ICS group. According to a deeper investigation into its code, PseudoManuscrypt is a Frankenstein malware that combines functionality and code from a diverse selection of other malware families, ranging from common commodity malware such as Fabookie to malware developed by the Chinese APT41 and North Korean Lazarus Group cyber-espionage organizations.
Kaspersky also noticed code comments written in Chinese; however, these indicators were insufficient to determine who developed the malware. Russia, India, and Brazil were the most common targets of the infection. Approximately 2,500 of the 35,000 machines infiltrated this year were PCs on ICS-specific networks, according to Kaspersky.
This arose, according to Russian security organizations, because the PseudoManuscrypt team commonly employed exploits for ICS-specific software to mask their malware. Among the items discovered were vulnerable installers for an app that generates a MODBUS Master Device to gather information from a PLC, and a key generator for a SolarWinds product employed by network engineers and systems admins.
Vulnerable or unlicensed variants of Call of Duty, Windows 10, Microsoft Office, Adobe products, and even Kaspersky’s own antivirus were also exploited to disseminate the infection.