Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads

A fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems uses a newer obfuscation mechanism compared to what has been observed in past reports. It reached the peak of activity in the middle of August 2021.

HCrypt is a crypter and multistage generator that is considered difficult to detect. It is identified as a crypter-as-a-service, paid for by threat actors to load a RAT (or in this case RATs) of their choosing. The campaign also showed new obfuscation techniques and attack vectors, different from those that were observed in the past.

Read more…
Source: Trend Micro