Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Cybersecurity researchers have identified a new phishing campaign using fake voicemails and purchase orders to distribute the UpCrypter malware loader, targeting multiple sectors worldwide since August 2025. The campaign employs convincing fake landing pages and multi-stage malware delivery methods, including steganography and anti-analysis techniques, to evade detection and maintain persistence.

Key points

  • The campaign primarily targets manufacturing, healthcare, technology, construction, and retail sectors globally.
  • Fake voicemails and purchase requests lure victims into clicking malicious links leading to malware downloads.
  • UpCrypter acts as a conduit for RATs like DCRat, Babylon RAT, and PureHVNC RAT, enabling remote control over infected systems.
  • The malware employs sophisticated obfuscation, anti-analysis checks, and steganography to evade detection.
  • Legitimate services like Google Classroom and Microsoft 365 are exploited to bypass security and deliver phishing content.

Read More: https://thehackernews.com/2025/08/phishing-campaign-uses-upcrypter-in.html