A sophisticated botnet known as PseudoManuscrypt has been actively targeting Windows systems in South Korea since May 2021, employing tactics similar to those used by the malware CryptBot. This trend has raised significant concerns within the cybersecurity community.
A report from the South Korean cybersecurity firm AhnLab Security Emergency Response Center (ASEC) highlights that PseudoManuscrypt is disguised as an installer, closely resembling CryptBot. The malware is primarily disseminated through malicious websites that appear prominently in search results for illegal software such as cracks and keygens. This distribution method allows it to slip past many basic security checks.
According to ASEC, the infection rate is alarming; approximately 30 computers in South Korea are infected on a daily basis. These attacks have prompted further scrutiny of both the malware’s operational capabilities and its delivery mechanisms.
PseudoManuscrypt was initially identified by Kaspersky, a Russian cybersecurity firm, in December 2021 during a “mass-scale spyware attack” that affected over 35,000 computers across 195 countries. The malware originally targeted a range of entities, including critical industrial and governmental organizations, particularly in Russia, India, and Brazil.
This attack class has alarming capabilities. The primary module of PseudoManuscrypt offers extensive spying functionality, granting attackers near-total control over infected devices. It can extract sensitive information such as VPN credentials, record audio through microphones, and capture clipboard data and operating system logs.
Moreover, PseudoManuscrypt establishes communication with remote command-and-control servers controlled by the attackers, making it capable of executing malicious actions such as downloading files, running arbitrary commands, logging keystrokes, and capturing screen activity, including screenshots and videos.
Researchers emphasize the urgency for users to exercise caution when downloading software from unverified or suspicious sources. As PseudoManuscrypt is often masked as an installer for illegal software, it can embed malicious files that continue to operate without user awareness, underscoring the importance of routine system maintenance and vigilance against malware threats.