A new fileless malware campaign known as Water Basilisk is using a new variant of HCrypt to install a number of remote access Trojans (RATs) onto victims' computers.
HCrypt is a crypter-as-a-service that is popular with attackers for installing RATs because its fileless nature makes it more difficult to detect. HCrypt relies primarily on VBScript and PowerShell commands to download and install malicious payloads onto victim systems.
The final stage of the attack installs common RATs, such as NjRat, Nanocore, and QuasarRat. In some instances, a Bitcoin or Ethereum hijacker was also installed, which stealthily replaces Bitcoin or Ethereum wallet addresses in the clipboard with a wallet address controlled by the attacker.
The behavioral detection capabilities in Acronis Cyber Protect recognize and block the malicious behaviors exhibited by these payloads, keeping your systems and data safe from harm.
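A defender-side illustration of the clipboard hijacking described above, added here as an example (it is not code from the campaign or from any vendor product): it scans timestamped clipboard snapshots and flags a wallet address that is replaced by a different address of the same coin within a short window. The snapshot format, the 2-second window, and every address below are assumptions constructed for illustration; the patterns check address shape only.

```python
import re
from dataclasses import dataclass

# Shape-only patterns; no checksum validation is attempted.
PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(
        r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{11,71}"),
}

@dataclass
class Swap:
    coin: str
    copied: str
    replaced_by: str

def classify(text):
    """Return (coin, normalised address) if the clipboard holds only an address."""
    value = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            # Hex Ethereum addresses differ in case only for checksumming.
            return coin, value.lower() if coin == "ethereum" else value
    return None, None

def find_swaps(snapshots, max_gap=2.0):
    """Flag same-coin address changes that happen within max_gap seconds."""
    swaps = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin0, addr0 = classify(before)
        coin1, addr1 = classify(after)
        if coin0 and coin0 == coin1 and addr0 != addr1 and t1 - t0 <= max_gap:
            swaps.append(Swap(coin0, addr0, addr1))
    return swaps

# Constructed sample data: these strings only have the right shape.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "ff" * 20
BTC_A, BTC_B = "1" + "Abc" * 10, "1" + "Xyz" * 10
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, ETH_A), (5.3, ETH_B),              # replaced 0.3 s after the copy
    (40.0, BTC_A), (95.0, BTC_B),            # 55 s apart: treated as two copies
    (120.0, ETH_A), (120.4, "0x" + "A1" * 20),  # same address, other casing
]

if __name__ == "__main__":
    for swap in find_swaps(SAMPLE):
        print(f"{swap.coin}: {swap.copied} replaced by {swap.replaced_by}")
```

The time window is a heuristic: a user rarely copies two different addresses for the same coin within a couple of seconds, so a fast same-coin replacement is worth an alert.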