The AceCryptor malware has unleashed a notable surge across Europe, prompting researchers to sound alarm bells. This surge entails thousands of new infections targeting organizations across the continent. Particularly concerning is the malware’s capability to obfuscate malicious code, enabling it to evade detection by traditional antivirus software. Researchers at ESET, who have been monitoring AceCryptor for years, observed a recent campaign marked by an expansion in the types of malware bundled alongside it.
Traditionally associated with malware like Remcos and SmokeLoader, AceCryptor has now been identified distributing additional malicious code, including the STOP ransomware and Vidar stealer. This diversification of malware suggests a strategic shift in the attackers’ tactics, aiming to maximize their impact across European targets. Moreover, researchers have noticed variations in the targeted countries, with specific malware payloads deployed based on the geographic location of the victims.
ESET’s investigation revealed that AceCryptor was employed in campaigns spanning multiple European countries, utilizing spam emails as the primary distribution method. These emails were crafted to be convincing, sometimes even originating from legitimate but compromised email accounts. The overarching objective of this operation appears to be the acquisition of email and browser credentials, likely for further exploitation in subsequent attacks against the targeted organizations. Despite efforts to ascertain the source of these attacks, attribution remains elusive, although past associations with hackers linked to the Russian government have been noted.
