The Reveal Platform
Intel Name: Phishing campaign targeting companies via upcrypter
Date of Scan: August 27, 2025
Impact: High
Summary: A recent phishing campaign is targeting companies through emails containing malicious URLs that lead to spoofed websites tailored to the recipient’s email domain. These convincing sites trick users into downloading JavaScript files that act as droppers for UpCrypter malware. Once executed, UpCrypter installs multiple remote access tools (RATs), including PureHVNC, DCRat, and Babylon RAT, allowing attackers to gain control over infected systems.
