216.73.216.86

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal

· Published 14/08/2025 20:58 · Modified 15/08/2025 12:37

Export JSON

Essential information

Published
14/08/2025 20:58
Modified
15/08/2025 12:37
Tags
2025-08-14 CVE-2025-26633 brave support fickle stealer golang powershell rivatalk silentcrystal social engineering socks5 proxy
Related entities
1 vulnerabilities (cve), 16 observables, 1 intrusion sets (apt), 2 techniques (mitre), 2 malware

Description

EncryptHub, an emerging threat group, has launched a campaign combining with exploitation of to deliver malicious payloads. The attackers impersonate IT support staff, use remote desktop sessions, and execute commands to deploy malware. The campaign abuses the platform to host payloads and employs new tools like and a backdoor. EncryptHub also created a fake video call platform, , to distribute malware. The group's tactics include using AES-encrypted commands, generating fake browser traffic, and exploiting system vulnerabilities. This adaptive adversary highlights the need for layered defense strategies, ongoing threat intelligence, and user awareness training to mitigate risks.

External references