Last Updated on 18/02/2022 by Nidhi Khandelwal
Since at least May 2021, a botnet known as PseudoManuscrypt has been targeting Windows workstations in South Korea, using the same delivery methods as another malware family known as CryptBot.
In a study released today, South Korean cybersecurity firm AhnLab Security Emergency Response Center (ASEC) stated, “PseudoManuscrypt is disguised as an installer that is identical to a type of CryptBot and is being spread.”
“Not only is its file form identical to CryptBot,” it said, “but it is also delivered via malicious sites shown on the top search page when consumers search for commercial software-related unlawful tools like Crack and Keygen.”
PseudoManuscrypt was originally discovered in December 2021, when Russian cybersecurity firm Kaspersky revealed details of a “mass-scale spyware assault campaign” that infected over 35,000 PCs in 195 countries around the world.
PseudoManuscrypt attacks, which were first discovered in June 2021, have targeted a large number of industrial and government institutions, including military-industrial complex firms and research centers, in Russia, India, and Brazil, among others.
The main payload module has a wide range of surveillance capabilities, giving the attackers practically complete control over the compromised PC. These include stealing VPN connection information, recording audio with the microphone, and capturing clipboard contents and operating system event log data.
Furthermore, PseudoManuscrypt can connect to a remote command-and-control server controlled by the attacker to perform malicious tasks like downloading files, executing arbitrary instructions, logging keystrokes, and capturing screenshots and videos of the screen.