RST TI Report Digest: 17 Mar 2025
ID: c67720d7-89bd-56ba-a9de-70bd0eb532f9
STIX ID: report--c67720d7-89bd-56ba-a9de-70bd0eb532f9
Feed Name: RST Cloud Blog
EncryptHub is a cybercriminal organization conducting a multi-stage malware campaign. It trojanizes commonly used applications to deliver payloads, uses PowerShell and third-party automation to deploy malware, and focuses on exfiltrating sensitive data (cryptocurrency wallets and browser-stored credentials). The report enumerates active infrastructure and numerous IoCs (IP addresses, domains, URLs, and many SHA-256 hashes) and highlights the group's ongoing development of a remote access tool dubbed "EncryptRAT."
