PseudoManuscrypt: this new spyware infected more than 35,000 computers in 2021

Capable of fully controlling the infected system, the PseudoManuscrypt botnet infected at least 35,000 computers in 2021. Hackers notably slipped the malware into installation files for Microsoft Office, Windows 10 or even Call of Duty.

After the Tardigrade malware, which targeted biomedical companies, we turn to the PseudoManuscrypt botnet, which attacks in particular companies in the military-industrial complex and research laboratories. This malware infected more than 35,000 Windows computers in 2021. Researchers at antivirus company Kaspersky spotted the first round of intrusions in June and describe a “large-scale spyware attack campaign”.

Among the computers attacked, 7.2% are part of industrial control systems used by organizations operating in various fields, from engineering to energy, including construction, water management and public services. These organizations are located mainly in India, Vietnam and Russia. The malware infiltrated systems “through a MaaS platform that distributes malware in pirated software installation archives”, Kaspersky underlines. It also spread via the Glupteba botnet.

PseudoManuscrypt: industrial espionage orchestrated by China?

To feed the botnet, a number of installation programs were cracked. These notably include Microsoft Office, Adobe Acrobat, Garmin, Call of Duty and SolarWinds Engineer’s Toolset, but also the Kaspersky security suite. To distribute them, the hackers favored the method known as search engine poisoning: they created malicious sites and optimized their search engine ranking (SEO) so that they appeared high in the search results.

Once installed, the malware is able to fully control the infected system. Concretely, the hackers were able to disable antivirus software, steal VPN connection data and log keystrokes. They also recorded audio, took screenshots and video captures of the screen, and intercepted data passing through the clipboard.

After analyzing samples, the researchers found comments written in Chinese. But this is not enough to determine the identity and origin of the hackers, or the potential involvement of the government. “The large number of attacked engineering computers, including systems used for 3D and physical modeling, development and use of digital twins, may mean that industrial espionage is one of the main objectives of the campaign of attacks”, the researchers point out.

Source: The Hacker News
