EncryptHub Campaign Exploits MSC EvilTwin Flaw, Abuses Brave Support

New Cyber Threat: EncryptHub Campaign Impersonates Brave Support to Deliver Malware

A sophisticated malware campaign is actively targeting internet users by impersonating the official support team for the Brave web browser. Security researchers have identified this operation, dubbed the “EncryptHub campaign,” which uses clever social engineering and a little-known system flaw to trick victims into compromising their own devices.

This new threat highlights the increasing creativity of cybercriminals, who are combining trusted brand names with technical exploits to bypass user suspicion.

The Deception: Abusing Trust in Brave Browser Support

The attack begins with a classic social engineering tactic. Attackers pose as helpful Brave support agents on public forums, social media, or other online communities where users might seek assistance. By offering a “solution” to a user’s problem, they build a false sense of trust and authority.

Once the victim is engaged, the fake support agent instructs them to download and run a supposed troubleshooting tool. This tool is not a legitimate utility but a carefully crafted malicious file designed to infect their system. The primary goal is to convince the user that the file is safe and necessary to resolve their issue.

The Weapon: Malicious MSC Files and the “EvilTwin” Flaw

Instead of using common malicious file types like .exe or .zip files, which often trigger security warnings, this campaign utilizes Microsoft Management Console (.msc) files. These are legitimate system files used by Windows administrators to manage settings and system components, making them less likely to be immediately flagged as dangerous.

The attackers are exploiting a specific vulnerability known as the MSC EvilTwin flaw. Here’s how it works:

  • A malicious .msc file is created that appears to be a simple, harmless utility.
  • However, hidden within its code is a command to execute a malicious script, often a PowerShell script.
  • When the user double-clicks the .msc file, Windows runs it with elevated privileges, executing the hidden malicious script in the background without the user’s knowledge.

This method is particularly dangerous because it leverages a trusted Windows process to launch the attack, allowing it to evade detection by some antivirus solutions. The result is a full system compromise, initiated by a file the user was tricked into believing was a legitimate support tool.
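One way a defender can catch the chain described above (a console file opened in mmc.exe that quietly launches a script host) is a process-tree rule over endpoint telemetry. The code below is an added illustration, not part of the original article or any vendor product; the events are constructed Sysmon-style process-creation records, and the field names, paths and the "BraveFix.msc" lure name are assumptions for the example.

```python
import re
from pathlib import PureWindowsPath

# Script hosts that mmc.exe has no ordinary reason to spawn when a user opens a console.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Where Windows' own consoles (eventvwr.msc, services.msc, ...) live; anything else is user-writable.
TRUSTED_MSC_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Pulls the .msc argument out of a command line, quoted or not.
MSC_ARG = re.compile(r'"([^"]+\.msc)"|(\S+\.msc)\b', re.IGNORECASE)

def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()

def msc_from_cmdline(cmdline: str):
    m = MSC_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def classify(event: dict):
    """Return None for a benign event, otherwise an alert describing the mmc.exe -> script host chain."""
    if basename(event["ParentImage"]) != "mmc.exe" or basename(event["Image"]) not in SCRIPT_HOSTS:
        return None
    msc = msc_from_cmdline(event["ParentCommandLine"])
    # A console loaded from Downloads/Temp is the lure pattern; a System32 console is less alarming.
    from_trusted_dir = msc is not None and msc.lower().startswith(TRUSTED_MSC_DIRS)
    return {"pid": event["ProcessId"], "child": basename(event["Image"]), "msc": msc,
            "severity": "medium" if from_trusted_dir else "high"}

def find_alerts(events: list) -> list:
    return [a for a in (classify(e) for e in events) if a]

# Constructed sample telemetry (not real logs): one benign console launch, one lure
# spawning PowerShell, one unrelated PowerShell, one script host under a built-in console.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "Image": r"C:\Windows\System32\mmc.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    {"ProcessId": 4188, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mmc.exe",
     "ParentCommandLine": r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\Downloads\BraveFix.msc"'},
    {"ProcessId": 4301, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    {"ProcessId": 5120, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\mmc.exe",
     "ParentCommandLine": r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\services.msc'},
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

In practice the same rule maps onto a SIEM query over Sysmon Event ID 1 or EDR process-creation events, with the parent image and parent command line as the join keys.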

The Consequences of Infection

Once the malicious script is executed, the attackers can deploy a wide range of malware onto the compromised system. The potential consequences for the victim are severe and can include:

  • Data-stealing Trojans: Malware designed to steal login credentials, financial information, and personal files.
  • Keyloggers: Software that records every keystroke, capturing passwords and sensitive conversations in real-time.
  • Remote Access Trojans (RATs): Giving the attacker complete control over the victim’s computer to access files, turn on the webcam, and monitor activity.
  • Ransomware Deployment: Encrypting all the user’s files and demanding a payment for their release.

The ultimate goal of the EncryptHub campaign appears to be financial gain, either through direct theft of funds and credentials or by selling stolen data on dark web markets.

How to Protect Yourself: Actionable Security Tips

Staying safe from this and similar threats requires a combination of vigilance and good security practices. Follow these essential steps to protect your devices and data.

  1. Verify Official Support Channels: Always source technical support directly from a company’s official website. Never trust individuals on forums or social media who claim to be official support and ask you to download files. Legitimate support will almost never ask you to run an unknown script or .msc file.

  2. Be Suspicious of Uncommon File Types: Be extremely cautious if anyone asks you to download and run files, especially system files like .msc, .ps1, .bat, or .vbs. Unless you are an IT professional who knows exactly what you are doing, you should not be running these files from an untrusted source.

  3. Enable File Extension Visibility: By default, Windows sometimes hides file extensions. Ensure you have this feature turned off so you can see the full file name (e.g., BraveFix.msc instead of just BraveFix). This helps you identify potentially dangerous file types.

  4. Use a Reputable Security Suite: A modern antivirus and anti-malware solution is critical. These tools can often detect and block malicious scripts and unauthorized system changes before they can do damage.

  5. Keep Your System Updated: Ensure your operating system and all software are regularly updated. Patches often fix security vulnerabilities that attackers can exploit.

By remaining skeptical of unsolicited help and scrutinizing any file before running it, you can significantly reduce your risk of falling victim to sophisticated social engineering campaigns like this one.

Source: https://securityaffairs.com/181203/cyber-crime/encrypthub-abuses-brave-support-in-new-campaign-exploiting-msc-eviltwin-flaw.html