EncryptHub Strikes Again: The MSC EvilTwin Exploit Unleashes Malware Mayhem!
EncryptHub has turned Microsoft’s Management Console into its evil twin, MSC EvilTwin. This villain exploits a patched Windows vulnerability to unleash malware like Rhadamanthys and StealC. It’s like a digital heist, with .msc files in disguise, sneaking past defenses and stealing data with the charm of a dodgy magician.

Hot Take:
**_The new game in town is called “Whack-a-Zero-Day,” and EncryptHub is leading the league! They’ve managed to exploit a vulnerability in Microsoft Windows with the finesse of a master chef, cooking up a storm with malware backdoors and information stealers. It’s a classic case of ‘Patch Tuesday’ turning into ‘Hack Wednesday.’ Who knew .msc files could be so mischievous?_**
Key Points:
– EncryptHub exploited a zero-day vulnerability in Microsoft Windows, CVE-2025-26633, to deliver malware.
– The attack chain involves manipulating .msc files and the Multilingual User Interface Path (MUIPath).
– The exploit has been dubbed MSC EvilTwin and is linked to the Russian activity cluster Water Gamayun.
– Methods include using ExecuteShellCommand and mock trusted directories to bypass security features.
– The campaign uses digitally signed MSI files to disguise malware as legitimate Chinese software.
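
The traits listed in the key points can be turned into a file-inventory triage check. The following is an added example, not code from the article or from any vendor: it flags a .msc that has a same-named twin one level above a language subfolder, a path containing a mock trusted directory, and console content that references ExecuteShellCommand. Assumptions: language subfolders look like `en-US`, a mock trusted directory is a folder name ending in whitespace, and the function name `triage_msc`, the reason labels and all sample paths are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: language subfolders look like "en-US"; tune for your fleet.
LOCALE_DIR = re.compile(r"^[a-z]{2,3}-[A-Za-z]{2,4}$")

def triage_msc(files):
    """files: {windows_path: text of that .msc}. Returns sorted (path, reason)."""
    by_dir = defaultdict(set)  # lower-cased folder -> .msc names found in it
    for path in files:
        parts = path.split("\\")  # no normalisation: trailing spaces must survive
        by_dir["\\".join(parts[:-1]).lower()].add(parts[-1].lower())

    findings = set()
    for path, text in files.items():
        parts = path.split("\\")
        name = parts[-1].lower()
        folder = parts[-2] if len(parts) > 1 else ""
        # Same-named console one level up from a language folder (the "twin").
        if LOCALE_DIR.match(folder):
            parent = "\\".join(parts[:-2]).lower()
            if name in by_dir.get(parent, ()):
                findings.add((path, "twin-in-locale-folder"))
        # Folder name ending in whitespace, e.g. "Windows " imitating "Windows".
        if any(p != p.rstrip() for p in parts[:-1]):
            findings.add((path, "mock-trusted-directory"))
        # Console content that references the ExecuteShellCommand method.
        if "executeshellcommand" in text.lower():
            findings.add((path, "shell-command-reference"))
    return sorted(findings)

# Constructed sample inventory (paths and contents are made up for the demo).
SAMPLE = {
    r"C:\Windows\System32\services.msc": "<MMC_ConsoleFile/>",
    r"C:\Users\Public\tools\report.msc": "<MMC_ConsoleFile/>",
    r"C:\Users\Public\tools\en-US\report.msc":
        "<MMC_ConsoleFile><!-- constructed: mentions ExecuteShellCommand --></MMC_ConsoleFile>",
    r"C:\Windows \System32\WmiMgmt.msc": "<MMC_ConsoleFile/>",
}

if __name__ == "__main__":
    for path, reason in triage_msc(SAMPLE):
        print(f"{reason:26} {path}")
```

Treat hits as triage leads rather than verdicts, and allowlist any localized consoles that your baseline image ships.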