Outpost24's KrakenLabs uncovered EncryptHub's malware campaign, exposing their tactics through OPSEC failures such as directory listing leaks, exposed Telegram bot configurations, and storing stolen data alongside malware. EncryptHub's attacks rely on multi-stage PowerShell scripts that steal sensitive information, inject malicious code, and deploy data stealers, often delivered through trojanized apps and pay-per-install services like LabInstalls. The group has disguised malware as legitimate software using revoked code-signing certificates and certificates issued by Encrypthub LLC. EncryptHub is also developing EncryptRAT, a command-and-control tool designed to manage infected systems, signaling a potential move toward commercialization. KrakenLabs' findings stress the need for enhanced security practices to defend against EncryptHub's evolving tactics and tools.
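Because the summary notes that the malware was disguised as legitimate software with revoked code-signing certificates and with certificates issued to "Encrypthub LLC", a defender's first triage step on a suspect installer is to inventory Authenticode signature status and signer subject. The script below is an added example written for this page; it is not from the Outpost24/KrakenLabs write-up. The scan directory, the file extensions, and the single watchlist entry (taken from the summary's mention of Encrypthub LLC) are assumptions; adapt them to local policy.

```powershell
# Added example, not from the original report: list files under a download folder
# whose Authenticode signature is not cleanly valid, or whose signer subject matches
# a watchlist. Default path and watchlist entry are assumptions for illustration.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string[]]$SubjectWatchlist = @('Encrypthub LLC')   # assumed watchlist entry from the summary
)

Get-ChildItem -Path $Path -Include *.exe, *.dll, *.msi, *.ps1 -Recurse -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # substring match against each watchlist entry (case-insensitive by default)
        $matched = $SubjectWatchlist | Where-Object { $subject -like "*$_*" }

        [pscustomobject]@{
            File     = $_.FullName
            Status   = $sig.Status       # e.g. Valid, NotSigned, HashMismatch, NotTrusted, UnknownError
            Signer   = $subject
            NotAfter = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
            Flag     = if ($sig.Status -ne 'Valid') { "review: signature status $($sig.Status)" }
                       elseif ($matched) { "review: signer on watchlist ($($matched -join ', '))" }
                       else { '' }
        }
    } |
    Where-Object { $_.Flag } |
    Format-Table -AutoSize
```

Run it from a PowerShell prompt on the host being triaged (for example `.\Check-Signers.ps1 -Path 'C:\Quarantine'`, an assumed file name). Whether a revoked certificate surfaces as a non-`Valid` status depends on the machine being able to reach the issuing CA's CRL or OCSP endpoints, so on an isolated analysis box treat the signer subject and the certificate's validity window as the more dependable signals, and escalate anything flagged rather than trusting a `Valid` result alone.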