PseudoManuscrypt was first documented by the Russian cybersecurity company Kaspersky in December 2021, when it revealed details of a “large-scale spyware attack campaign” that infected more than 35,000 computers in 195 countries around the world.
The targets of the PseudoManuscrypt attacks, which were originally discovered in June 2021, include a significant number of industrial and government organizations, including companies in the military-industrial complex and research laboratories in Russia, India, and Brazil, among others.
The main payload module is equipped with wide and varied espionage functionality that gives the attackers almost total control of the infected system. It includes stealing VPN connection details, recording microphone audio, and capturing clipboard content and operating system event log data.
Furthermore, PseudoManuscrypt can access a remote command-and-control server under the control of the attacker to carry out various malicious activities, such as downloading files, executing arbitrary commands, logging keystrokes, and taking screenshots and videos of the screen.
Because this malware is disguised as an illegal software installer and distributed to random individuals via malicious sites, users should be careful not to download such programs. The malicious files can also register as a service and perform continuous malicious behavior without the user's knowledge.