Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware
Aug 16, 2025 | Ravie Lakshmanan | Malware / Vulnerability

What’s new: The Russian hacking group EncryptHub is exploiting the CVE-2025-26633 vulnerability, known as MSC EvilTwin, to deploy Fickle Stealer malware. This campaign combines social engineering tactics with technical exploitation, using rogue Microsoft Console (MSC) files to trigger infections. The group has been active since mid-2024 and employs various methods, including fake job offers and compromised platforms, to deliver malware.
Who’s affected
Organizations using Microsoft Windows systems that have not applied the patch for CVE-2025-26633 are at risk. The threat actor targets individuals through social engineering tactics, including impersonating IT personnel and using fake video conferencing platforms.
What to do
- Ensure that all Microsoft Windows systems are updated with the latest security patches, specifically addressing CVE-2025-26633.
- Implement user awareness training to recognize social engineering tactics, such as phishing attempts and fake IT communications.
- Monitor network traffic for unusual activity that may indicate malware communication with command-and-control servers.
- Consider deploying advanced threat detection solutions to identify and mitigate potential malware infections.
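To make the monitoring steps above concrete, here is an added example that is not part of the article and not a vendor detection rule. It triages process-creation records for the behaviour the article describes, a rogue console (.msc) file being opened, by flagging any launch of mmc.exe whose console file sits outside the Windows directory. The pipe-separated log format, the sample records, the host names and the list of trusted console directories are all assumptions constructed for this example; map the parser to your own EDR or Sysmon export before use.

```python
"""
Hunt for mmc.exe loading console (.msc) files from user-writable locations.

Assumptions (constructed for this example, not taken from the article):
  * each record is "timestamp|host|parent_image|image|command_line"
  * built-in consoles load from %SystemRoot%\\System32 or \\SysWOW64;
    anything else (Downloads, Temp, AppData, network shares) is reviewed.
"""
import re
from dataclasses import dataclass

# Directories a legitimate, built-in console file is expected to come from.
TRUSTED_MSC_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Matches a quoted or unquoted path ending in .msc on a command line.
MSC_TOKEN = re.compile(r'"([^"]+\.msc)"|(\S+\.msc)\b', re.IGNORECASE)

# Constructed sample records (hosts, users and file names are invented).
SAMPLE_LOG = r"""
2025-08-16T09:12:03Z|WS01|C:\Windows\explorer.exe|C:\Windows\System32\mmc.exe|"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc
2025-08-16T09:14:41Z|WS01|C:\Users\alice\AppData\Local\Temp\Setup.exe|C:\Windows\System32\mmc.exe|"C:\Windows\System32\mmc.exe" "C:\Users\alice\AppData\Local\Temp\Update.msc"
2025-08-16T09:15:02Z|WS02|C:\Program Files\Editor\editor.exe|C:\Windows\System32\notepad.exe|notepad.exe readme.txt
2025-08-16T09:16:20Z|WS03|C:\Windows\explorer.exe|C:\Windows\System32\mmc.exe|mmc.exe C:\Users\bob\Downloads\invoice.msc
"""


@dataclass
class Finding:
    timestamp: str
    host: str
    parent_image: str
    msc_path: str
    reason: str


def is_trusted_console_path(msc_path: str) -> bool:
    """True when the console file lives in a protected Windows directory."""
    return msc_path.lower().startswith(TRUSTED_MSC_DIRS)


def parse_line(line: str):
    """Split one record into named fields; return None for malformed lines."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    keys = ("timestamp", "host", "parent_image", "image", "command_line")
    return dict(zip(keys, parts))


def triage(log_text: str) -> list:
    """Return one Finding per untrusted .msc file opened by mmc.exe."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        # Only the Management Console host process is of interest here.
        image_name = rec["image"].lower().rsplit("\\", 1)[-1]
        if image_name != "mmc.exe":
            continue
        for match in MSC_TOKEN.finditer(rec["command_line"]):
            msc_path = match.group(1) or match.group(2)
            if is_trusted_console_path(msc_path):
                continue
            findings.append(Finding(
                timestamp=rec["timestamp"],
                host=rec["host"],
                parent_image=rec["parent_image"],
                msc_path=msc_path,
                reason="mmc.exe opened a console file outside the Windows directory",
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.timestamp} {f.host}: {f.reason} ({f.msc_path}); "
              f"parent={f.parent_image}")
```

Run against the constructed sample, the script flags the two records where a console file was opened from a Temp or Downloads folder and ignores the built-in Event Viewer console. The parent image is carried into each finding because a console spawned by an installer or a download, rather than by Explorer, is the detail an analyst will want when deciding whether the MSC EvilTwin patch status of that host needs checking.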