Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
26.08.2025

A sophisticated phishing campaign leveraging UpCrypter has been active since August 2025, using fake voicemail emails to deploy remote access trojans (RATs) with anti-analysis techniques, targeting global industries.
Hey, listen up — a slick phishing operation has been running since August 2025, using UpCrypter to hide RATs in fake voicemail emails. It's hitting industries worldwide with anti-analysis tricks to stay under the radar.

The campaign starts with emails pretending to be voicemail notifications, luring users to click and download malicious attachments. Once opened, UpCrypter decrypts and deploys RAT payloads for full system control.
Anti-analysis measures include steganography to hide code in images and evasion techniques to bypass security tools. This makes detection a nightmare for defenders.
Targets span multiple sectors globally, with a focus on tech and finance. The use of Microsoft 365 lures suggests attackers are exploiting trusted platforms to gain initial access.
Threat intelligence points to sophisticated actors behind this, possibly linked to previous campaigns. Stay vigilant — if you get a suspicious voicemail email, don't click that link!
- Campaign active since August 2025
- Uses UpCrypter for encryption and decryption
- Delivers RAT payloads via fake voicemail emails
- Incorporates anti-analysis and steganography
- Targets global industries, especially tech and finance
#Sainbox RAT #UpCrypter #malware #steganography #phishing

