Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot.
“PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and is being distributed,” South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published today.
“Not only is its file form similar to CryptBot, but it is also distributed via malicious sites exposed on the top search page when users search commercial software-related illegal programs such as Crack and Keygen,” it added.
According to ASEC, around 30 computers in the country are being consistently infected on a daily basis on average.
PseudoManuscrypt was first documented by Russian cybersecurity firm Kaspersky in December 2021, when it disclosed details of a “mass-scale spyware attack campaign” infecting more than 35,000 computers in 195 countries globally.
Targets of PseudoManuscrypt attacks, which it originally uncovered in June 2021, included a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, in Russia, India, and Brazil, among others.
images from Hacker News