MICROPSIA

Posted: July 11, 2019

MICROPSIA Description

MICROPSIA is spyware that conducts attacks associated with collecting information and files, as well as downloading other threats. Most MICROPSIA campaigns target Palestine and other Middle Eastern nations, although the United States, also, is a notable target. As with any case of spyware infection, victims should delete MICROPSIA with anti-malware tools immediately before changing all credentials, such as passwords.

A Spy that's Bigger than It Appears

The condition of micropsia, besides referring to the psychological misperception of object sizes, also is the nametag for one of the Two-tailed Scorpion group's most well-updated Trojans. MICROPSIA's label comes from its packing method, which uses multiple RAR archives and UPX compression for making the program look small. Once it unloads itself, however, MICROPSIA transforms into an especially-invasive example of spyware that collects information undetectably.

Although Two-tailed Scorpion (also referred to by APT-C-23) also invests in hoax website-based attacks, such as fake news domains, infection vectors for MICROPSIA, generally, use e-mail links or attachments. The phishing tactic lures the user into opening the file for installing MICROPSIA, which grants the threat actor backdoor access and file-delivering and executing features for escalation purposes.

However, malware experts find that most of MICROPSIA's features relate to monitoring information and collecting it, through attacks such as:

  • MICROPSIA uses a C&C command-activated microphone recording feature for catching audio content.
  • MICROPSIA monitors USB drives for file formats worth collecting (spreadsheets, text, documents, etc.) and copies them into RAR archives.
  • MICROPSIA takes a screenshot every one and a half minutes.
  • MICROPSIA also provides general and specific file-exfiltration functionality for the threat actor.

Recent versions of MICROPSIA, also, include a heavily RAR-based means of compressing and concealing the data that these modular attacks harvest.

Keeping MICROPSIA a Genuinely Tiny Problem

Palestinian government employees, along with their Egyptian, Jordanian, and Qatari counterparts, should expect possible MICROPSIA infections arriving through either crafted e-mail tactics or corrupted websites. In most cases, this threat actor prefers regionally-customized tactics, including in-depth Web interfaces and personalized content, such as documents for distracting the target while the Trojan's installation proceeds. Safe browsing habits, such as turning off JavaScript and inspecting links for URL obfuscation, are crucial.

Although MICROPSIA is a Windows-based threat, Two-tailed Scorpion includes additional tools in their software kit for targeting Android phones. Users should react to any infection possibility by, first, disabling the network connection that lets MICROPSIA contact its Command & Control server. Although most anti-malware programs should delete MICROPSIA appropriately, the threat's active maintenance may require similar databases updates for your security solutions. Afterward, changing all passwords is the bare minimum recommendation for re-securing any compromised accounts.

MICROPSIA starts small, unpacks itself into a sprawling, uncompressed mess, and uses RAR-archiving technology for re-compressing the data from its heists. The size of a file is a mutable thing surprisingly, as long as talented but immoral programmers are willing to make their software adaptive in the worst ways.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to MICROPSIA may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.