FACCT Cybersecurity Center Warns of Mass Malicious Email Attack
Attackers Use CryptoBOSS Cryptocurrency and VPN App as Bait
The FACCT Cybersecurity Center has issued a warning about a mass malicious email campaign targeting Russian industrial, transport and IT companies. The emails, intercepted on July 9 by the FACCT automated email security system, advertise “secure and completely anonymous access to all currencies” through the CryptoBOSS cryptocurrency and VPN app.
However, the download link for the “free license” actually delivers the PyCrypter ransomware. The domain from which the malware is downloaded (crypto4boss[.]com) is quite fresh: it was registered on July 6, specifically for this attack, to a user with the email address vladymir.stojanov@hotmail[.]com.
The researchers say the same account, registered under the name Vladimir Stoyanov, had already been used in the fall of 2022 and the spring of 2023 in mailings distributing another ransomware, Cryptonite. Those letters, sent in the name of Prime Minister Mikhail Mishustin, warned of an attack by spyware supposedly prepared by “American IT specialists.”
At that time, recipients were told to download a “program from the Ministry of Internal Affairs” that allegedly removed the malware and protected against re-infection. In fact, the Google Drive link delivered the ransomware.
Now the story is repeating itself, this time with a cryptocurrency exchange as the bait.
Indicators of Compromise
Below are the indicators of compromise of the mailing as of July 9, 2023:
- Domain: crypto4boss[.]com
- Relevant sample SHA-256: crypto4bossetup.exe – 2867f0ae09b771bcd9ad56b77eb5b9b2e6c4f4ce826a55a35d28dbbf88bd2392
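The indicators above are published in defanged form, so a detection script has to refang them before matching. The following is an added example (not FACCT's tooling) of how a defender might sweep intercepted mail and downloaded files against exactly these two indicators: it refangs the domain, extracts URLs from message text, flags the domain and any subdomain of it, and compares a file's SHA-256 with the published sample hash. The email body and file bytes are constructed here for illustration; the only real values are the domain and hash from the advisory.

```python
import hashlib
import re

# Indicators of compromise as published in the FACCT advisory (defanged).
IOC_DOMAINS = {"crypto4boss[.]com"}
IOC_SHA256 = {"2867f0ae09b771bcd9ad56b77eb5b9b2e6c4f4ce826a55a35d28dbbf88bd2392"}

# Matches the host part of an http/https URL embedded in message text.
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('crypto4boss[.]com', 'hxxp://') back into its live form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def extract_hosts(text: str) -> set[str]:
    """Collect every URL host name found in the message text, lower-cased."""
    return {host.lower() for host in URL_HOST_RE.findall(text)}


def matched_domains(text: str) -> set[str]:
    """Return the hosts in the text that equal, or are subdomains of, a known bad domain."""
    live = {refang(d).lower() for d in IOC_DOMAINS}
    hits = set()
    for host in extract_hosts(text):
        if host in live or any(host.endswith("." + bad) for bad in live):
            hits.add(host)
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """True if the file content hashes to a SHA-256 listed in the advisory."""
    return sha256_hex(data) in IOC_SHA256


# Constructed sample email body (not a real intercepted message).
SAMPLE_EMAIL = """Subject: CryptoBOSS - secure and completely anonymous access to all currencies

Your free license is ready. Download the installer here:
http://download.crypto4boss.com/crypto4bossetup.exe
"""

# Constructed benign email for comparison.
CLEAN_EMAIL = "Subject: Weekly report\nThe report is attached. See https://intranet.example.com/reports\n"

# Constructed file bytes standing in for a downloaded attachment (not the real sample).
FAKE_ATTACHMENT = b"MZ this is a constructed placeholder, not the real crypto4bossetup.exe"


if __name__ == "__main__":
    print("IoC domains in sample email:", matched_domains(SAMPLE_EMAIL))
    print("IoC domains in clean email:", matched_domains(CLEAN_EMAIL))
    print("Attachment matches published hash:", is_known_sample(FAKE_ATTACHMENT))
```

The subdomain check matters because a lure rarely links to the bare registered domain; matching only the exact string from the advisory would miss hosts such as the constructed `download.crypto4boss.com` above. The hash check is exact by design: a recompiled or repacked build of the same installer would produce a different SHA-256 and must be caught by other controls.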
The FACCT Cybersecurity Center is urging all Russian industrial, transport and IT companies to be aware of this malicious email campaign and to take all necessary measures to protect their systems. Companies should keep their systems current with the latest security patches and keep their antivirus and anti-malware software up to date. Users should be wary of emails from unknown senders and should not click links or download attachments from such messages.