MICROPSIA
MICROPSIA is spyware that conducts attacks associated with collecting information and files, as well as downloading other threats. Most MICROPSIA campaigns target Palestine and other Middle Eastern nations, although the United States, also, is a notable target. As with any case of spyware infection, victims should delete MICROPSIA with anti-malware tools immediately before changing all credentials, such as passwords.
A Spy that's Bigger than It Appears
The condition of micropsia, besides referring to the psychological misperception of object sizes, also is the nametag for one of the Two-tailed Scorpion group's most well-updated Trojans. MICROPSIA's label comes from its packing method, which uses multiple RAR archives and UPX compression for making the program look small. Once it unloads itself, however, MICROPSIA transforms into an especially-invasive example of spyware that collects information undetectably.
Although Two-tailed Scorpion (also referred to by APT-C-23) also invests in hoax website-based attacks, such as fake news domains, infection vectors for MICROPSIA, generally, use e-mail links or attachments. The phishing tactic lures the user into opening the file for installing MICROPSIA, which grants the threat actor backdoor access and file-delivering and executing features for escalation purposes.
However, malware experts find that most of MICROPSIA's features relate to monitoring information and collecting it, through attacks such as:
- MICROPSIA uses a C&C command-activated microphone recording feature for catching audio content.
- MICROPSIA monitors USB drives for file formats worth collecting (spreadsheets, text, documents, etc.) and copies them into RAR archives.
- MICROPSIA takes a screenshot every one and a half minutes.
- MICROPSIA also provides general and specific file-exfiltration functionality for the threat actor.
Recent versions of MICROPSIA, also, include a heavily RAR-based means of compressing and concealing the data that these modular attacks harvest.
Keeping MICROPSIA a Genuinely Tiny Problem
Palestinian government employees, along with their Egyptian, Jordanian, and Qatari counterparts, should expect possible MICROPSIA infections arriving through either crafted e-mail tactics or corrupted websites. In most cases, this threat actor prefers regionally-customized tactics, including in-depth Web interfaces and personalized content, such as documents for distracting the target while the Trojan's installation proceeds. Safe browsing habits, such as turning off JavaScript and inspecting links for URL obfuscation, are crucial.
Although MICROPSIA is a Windows-based threat, Two-tailed Scorpion includes additional tools in their software kit for targeting Android phones. Users should react to any infection possibility by, first, disabling the network connection that lets MICROPSIA contact its Command & Control server. Although most anti-malware programs should delete MICROPSIA appropriately, the threat's active maintenance may require similar databases updates for your security solutions. Afterward, changing all passwords is the bare minimum recommendation for re-securing any compromised accounts.
MICROPSIA starts small, unpacks itself into a sprawling, uncompressed mess, and uses RAR-archiving technology for re-compressing the data from its heists. The size of a file is a mutable thing surprisingly, as long as talented but immoral programmers are willing to make their software adaptive in the worst ways.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.