” said one senior cybersecurity researcher. <\/p>\n
Body:<\/strong><\/p>\n Cybersecurity professionals have detected a new campaign by the cybercriminal group EncryptHub that exploits a specific Windows zero-day vulnerability to deploy Rhadamanthys and StealC malware.<\/p>\n The exploitation manipulates the Windows Management Instrumentation Command-line (WMIC) by using .msc files and the Multilingual User Interface Path (MUIPath).<\/p>\n The threat actors primarily aim to compromise various sensitive user data.<\/p>\n Once the Windows zero-day is exploited, EncryptHub deploys a sophisticated multi-staged attack.<\/p>\n First, it installs the Rhadamanthys backdoor Trojan, granting the threat actor full access and control over the victim’s system.<\/p>\n The backdoor provides a portal for the secondary payload, the StealC malware.<\/p>\n As a powerful information stealer, StealC is designed to extract essential data such as login passwords, credit card details, and other valuable personal information.<\/p>\n Technical Analysis<\/strong><\/p>\n The exploit starts by delivering a .msc file that carries a malicious DLL.<\/p>\n When opened, the .msc file calls the DLL using the MUIPath vulnerability.<\/p>\n A call-back is initiated to the C&C server, and it responds with an encoded payload.<\/p>\n This payload contains the Rhadamanthys(sometimes leveraging XOR encoding) that persistently executes on successful deployment.<\/p>\n Once Rhadamanthys is installed, it opens the gates for StealC, providing the ability to mine vital information such as saved passwords, internet browsing history, e-payment information, and more.<\/p>\n Mitigations<\/strong><\/p>\n The zero-day is already patched in the Microsoft’s recent update CVE-2021-40444.<\/p>\n It is advised that all Windows users immediately apply this security patch to diminish vulnerability to the exploit.<\/p>\n Cybersecurity professionals also recommend maintaining robust and updated security software.<\/p>\n Regular investment in cybersecurity training can further enhance a user’s natural vigilance against phishing attempts and suspicious links.<\/p>\n Conclusions<\/strong><\/p>\n The use of Windows’ zero-day flaws shows the need for constant vigilance and timely updates in the digital ecosystem.<\/p>\n It is a strong reminder to each organization about maintaining robust security posture.<\/p>\n Despite the rapid response of Microsoft in patching the vulnerability, this incident underlines the unending cat-and-mouse game between cybersecurity professionals and threat actors in cyber warfare.<\/p>\n Follow-Up Reading:<\/strong><\/p>\n Infosecurity Magazine \u2013 Latest Cybersecurity News<\/a><\/p>\n