The Program Compatibility Assistant (PCA), a genuine Microsoft Windows component, is being used by the Russian-speaking cybercrime group RedCurl to carry out harmful commands.
Trend Micro stated in an analysis released this month that the Program Compatibility Assistant Service (pcalua.exe) is a Windows service intended to detect and resolve compatibility issues with outdated apps.
By employing this application as a substitute command-line interpreter, adversaries can use it to circumvent security measures and enable command execution. The threat actor in this investigation employs this technology to mask their actions.
RedCurl—also known as Earth Kapre and Red Wolf—has been known to be operating since at least 2018 and has been planning corporate cyber espionage attacks against organizations read more RedCurl Cybercrime Group Abuses Windows Pca Tool for Corporate Espionage.
Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.
The post RedCurl Cybercrime Group Abuses Windows Pca Tool for Corporate Espionage appeared first on Recon Bee.
This post first appeared on 10 Free Sources To Learn Ethical Hacking, please read the originial post: here
