Truvasys

Malware Profile Updated 2 months ago
Truvasys is a type of malware that has been circulating for several years. Malware, which stands for malicious software, is designed to damage or exploit computers and other devices. Truvasys typically infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom.

The group behind the Truvasys campaigns primarily distributes the malware through instant messengers, pointing recipients to malicious documents that invoke the exploit code to launch the malware on victim computers. In each campaign, Truvasys evolved with additional features, indicating a close relationship between the activity groups behind the campaigns and the developers of the malware. Truvasys has also been known to masquerade as common computer utilities such as WinUtils, TrueCrypt, WinRAR, and SanDisk.

Truvasys has been involved in several attack campaigns, making it a significant threat to computer security. To protect against this malware, individuals and organizations should be cautious about downloading files or visiting suspicious websites. It is also crucial to keep antivirus software and operating systems up to date to close vulnerabilities that may allow malware like Truvasys to infiltrate systems.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Malware
WinRAR
Associated Malware
No associations to display
Associated Threat Actors
ID: PROMETHIUM
Type: Unspecified
Votes: 1
Profile Description: Promethium, also known as StrongPity, is a Turkish-speaking threat actor that has been active since at least 2012. Despite multiple exposures over the years, this entity has remained undeterred and continued to expand its malicious activities. Promethium, along with another threat actor named Neody
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Truvasys malware was read from the documents corpus below.
Source: MITRE
Created At: a year ago
Title: Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe - Microsoft Security Blog