DcRAT info stealer delivered via adult content lures

Threat actors have been distributing the DcRAT information-stealing malware, a modified AsyncRAT variant, through fraudulent lures for the adult content subscription service OnlyFans and other adult content since January, according to BleepingComputer. Victims have been tricked into downloading ZIP files containing a VBScript loader that resembles a slightly modified Windows printing script used in a 2021 campaign, a report from eSentire showed. When launched, the loader checks the OS architecture, then extracts an embedded DLL file and enables access to the DynamicWrapperX tool. Researchers found that the BinaryData payload is then loaded into memory, with DcRAT injected into the legitimate "RegAsm.exe" process, which eludes antivirus scanning. Aside from featuring keylogging, file modification, webcam monitoring, and remote access capabilities, DcRAT can also steal browser credentials and cookies, exfiltrate Discord tokens, and encrypt all non-system files through a ransomware plugin.
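
A hunting check for the process-level trace of the chain described above, as an added example that is not from the eSentire or BleepingComputer reports: it flags RegAsm.exe launches whose parent is a script host or that carry no assembly argument. Both heuristics, the event key names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Windows Script Host binaries that execute .vbs files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

# Constructed process-creation events (not real telemetry); key names are assumptions.
SAMPLE_EVENTS = [
    {"image": REGASM, "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": f'"{REGASM}"'},
    {"image": REGASM, "parent_image": r"C:\Windows\System32\msiexec.exe",
     "command_line": f'"{REGASM}" C:\\App\\Plugin.dll /codebase'},
    {"image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"wscript.exe C:\Users\demo\Downloads\sample.vbs"},
]


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def regasm_findings(event):
    """Return the reasons a RegAsm.exe launch looks like an injection host, or []."""
    if basename(event["image"]) != "regasm.exe":
        return []
    reasons = []
    if basename(event["parent_image"]) in SCRIPT_HOSTS:
        reasons.append("parent is a script host")
    # Legitimate use passes an assembly path; a bare launch has nothing to register.
    if len(shlex.split(event["command_line"], posix=False)) < 2:
        reasons.append("no assembly argument")
    return reasons


def hunt(events):
    """Pair each suspicious event with its list of reasons."""
    return [(e, r) for e in events if (r := regasm_findings(e))]


if __name__ == "__main__":
    for event, reasons in hunt(SAMPLE_EVENTS):
        print(event["parent_image"], "->", event["image"], reasons)
```

Either condition alone can occur on developer or build machines, so treat a hit as a lead to correlate with network and file activity from the same process rather than as a verdict.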
