
AceCryptor: the hacker tool that scares Europe


According to ESET researchers, a fearsome tool used by hackers is spreading in Europe, with thousands of cases reported in recent days.

We are talking about a tool that allows cybercriminals to obfuscate malware and install it on devices, evading much antivirus software. Researchers have been monitoring the situation for years, and AceCryptor has demonstrated a great ability to adapt to the context in which it finds itself.

The utility is usually bundled with malware like Remcos, Rescoms or SmokeLoader. In other cases, AceCryptor is used to spread infostealers (such as Further) or STOP ransomware attacks.

Specifically, the malware that is spread appears to depend on the targeted territory. Ukraine, for example, often sees the combination of AceCryptor and SmokeLoader. For Poland, Slovakia, Bulgaria and Serbia, however, Remcos seems to appear more frequently.

AceCryptor helps hackers spread malware, infostealers, and ransomware attacks

According to experts, this tool is used to target particular European countries with a similar modus operandi in all contexts. In fact, we are talking about malware spread through spam e-mails which, in many cases, nevertheless turn out to be quite plausible.

In this regard, hackers often exploit previously hacked email accounts which, at first glance, do not arouse particular suspicion in potential victims. The main objective of the cybercriminals appears to be to increase the number of emails at their disposal in order to exploit them in future illegal operations.

According to data collected by ESET, during the first half of 2023 the countries most involved in AceCryptor operations were those of Latin America (Peru and Mexico) as well as Egypt and Türkiye. In the second half of the year, however, cybercriminals shifted their focus to Europe, starting to target the aforementioned countries.

In this sense, the researchers’ data counted approximately 26,000 confirmed attacks in Poland between the end of 2023 and the first months of this year. In the Polish context, the emails exploited as a vector often concerned B2B offers aimed at company owners, with senders who, as already mentioned, exploited the names of real companies present in the country.

Although ESET is unable to identify those responsible for the campaign, Remcos and SmokeLoader are malware usually linked to hacker groups close to the Russian government.
