Micropsia is malware that we have been studying alongside another malware family named KASPERAGENT. Both are designed to infiltrate and exploit computer systems, potentially causing significant disruption and data theft. Micropsia, specifically, is a Remote Access Trojan (RAT) written in Delphi and has been used in recent hacking campaigns across the Middle East. We first identified the Command and Control (C2) server for these malware families as mailsinfo[.]com, which executes Micropsia on infected systems.
Our research into Micropsia and KASPERAGENT led us to discover a new campaign linked to the server mail.pal4u[.]net on 148.251.135[.]117. This server houses the C2 infrastructure for the new operation. The discovery picked up where our earlier research left off and led to further insights into the C2 infrastructure associated with both malware families.
According to an analysis by Symantec's Threat Hunter Team in April 2023, the group deploying Micropsia targets various sectors including government, military, financial, media, education, energy, and research and policy entities. The group uses updated versions of its custom Micropsia and Arid Gopher backdoors to maintain a persistent presence on targeted networks. Although the decoy documents differ from attack to attack, the core Micropsia malware remains identical, which underlines how consistent a threat it is.
Description last updated: 2024-05-05T08:40:06.818Z