The MICROPSIA malware is an info-stealer that has been observed in several hacking campaigns concentrated in the Middle East. It has not been confirmed, but it is speculated that MICROPSIA may be part of the arsenal of the Two-Tailed Scorpion hacking group. This APT (Advanced Persistent Threat) is believed to have links to the terrorist group Hamas. What led cybersecurity experts to this conclusion is that MICROPSIA is served from the same IP addresses and domains as the VAMP Android Trojan and the KASPERAGENT Trojan, both of which are very likely tools of the Two-Tailed Scorpion group. The campaigns involving MICROPSIA mainly targeted high-ranking politicians, but also scholars, students and various business employees, all located in the Middle East.
Propagation and Persistence
The authors of MICROPSIA wrote it in Delphi, and it is built to target machines running Windows. The infection vector used to spread MICROPSIA is likely bogus application downloads or phishing emails. The payload is delivered inside a ‘.RAR’ archive and has been compressed multiple times, which greatly reduces its size. The authors disguise the threat as a legitimate game or application. MICROPSIA gains persistence by tampering with the Windows Startup directory: it drops a ‘.LNK’ file there, which ensures that MICROPSIA is run again even after the user reboots the system.
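As an added example (not part of the original article), the following PowerShell snippet checks the persistence location described above: it enumerates the per-user and all-users Startup folders, resolves the target of every ‘.LNK’ shortcut found there, hashes the target, and flags shortcuts whose target sits in a user-writable directory. It assumes it is run in Windows PowerShell on the host being examined; the directory pattern it flags is an assumption, not an indicator from the article.

```powershell
# Added example, not from the article: audit Startup-folder shortcuts.
# Assumption: run in Windows PowerShell on the host being checked.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

$shell = New-Object -ComObject WScript.Shell   # resolves .lnk targets

$findings = foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Filter '*.lnk' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            $target = $lnk.TargetPath
            $hash = if ($target -and (Test-Path $target)) {
                (Get-FileHash -Path $target -Algorithm SHA256).Hash
            } else { '<target missing>' }
            [PSCustomObject]@{
                Shortcut     = $_.FullName
                Target       = $target
                Arguments    = $lnk.Arguments
                Created      = $_.CreationTime
                TargetSHA256 = $hash
            }
        }
    }
}

# Assumed heuristic: a legitimate Startup shortcut normally points into Program
# Files; one pointing into AppData, Temp or Downloads (where a downloaded "game"
# or "application" would be saved) deserves a closer look.
$suspicious = $findings | Where-Object {
    $_.Target -match '\\(AppData|Temp|Downloads)\\'
}

$findings | Format-Table -AutoSize
"`nShortcuts pointing into user-writable folders:"
$suspicious | Format-Table Shortcut, Target, TargetSHA256 -AutoSize
```

Compare the reported SHA256 values against a known-good baseline taken from a clean machine; a new shortcut with a recent creation time and a target in a user-writable folder is worth examining before it is allowed to run again.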
MICROPSIA has a variety of capabilities. It can take screenshots of the user's desktop. It also scans the system for files with Microsoft Office extensions, since such documents are likely to contain sensitive data. It logs keystrokes to a text file. All of the collected data is then sent to servers controlled by the attackers.
Users need to be very careful about where they download files from, because there are many ill-minded actors lurking in the shadows and waiting to exploit unsuspecting people. Make sure you download and install a reputable anti-virus software suite, which will keep threats like MICROPSIA at bay.