All news with #upcrypter tag

Global Phishing Campaign Distributes UpCrypter Loader

📧 FortiGuard Labs identified a global phishing campaign that uses crafted HTML email attachments and personalized phishing pages to deliver obfuscated JavaScript droppers which stage the UpCrypter loader on Microsoft Windows systems. The attack uses target-specific URL reconstruction, convincing domain and logo spoofing, and prompts victims to run a bundled JavaScript dropper. The dropper decodes and executes a Base64 PowerShell payload that performs anti-analysis checks, loads an MSIL loader directly into memory, and ultimately deploys multiple RATs (PureHVNC, DCRat, Babylon RAT). Organizations should apply layered email filtering, endpoint least-privilege, and script/memory-aware detection to block these artifacts.