New HTML Smuggling Delivers DCRat Malware

September 27, 2024

A new wave of cyberattacks has emerged, targeting Russian-speaking users through a technique called HTML smuggling, delivering the DCRat (DarkCrystal RAT) malware. This represents a departure from previous malware distribution methods like phishing emails or malicious attachments. In this campaign, attackers embed or fetch malicious payloads through seemingly legitimate HTML files, which evade traditional security filters. Once the file is opened in a victim’s browser, the hidden payload is decoded and downloaded to the system, initiating a series of malicious activities.

Netskope researchers have identified that attackers are using HTML files mimicking well-known Russian platforms such as TrueConf and VK. Upon interacting with these pages, users inadvertently download a password-protected ZIP archive. The ZIP file contains a nested RarSFX archive which, when opened, unleashes the DCRat malware. This trojan is a full-fledged backdoor, enabling attackers to execute shell commands, log keystrokes, and exfiltrate sensitive files and credentials. First released in 2018, DCRat has evolved with additional plugins, allowing it to become a versatile tool for cybercriminals.
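For defenders triaging HTML attachments or downloads, the two paragraphs above translate into a static check: look for an archive embedded in the page as base64, see whether its ZIP header marks it as encrypted, and check that the page also contains the script primitives needed to save a file client-side. The following is an added example, not code from Netskope or from this article; the indicator names, function names and sample page are assumptions made for illustration, and it covers only payloads embedded in the HTML, not ones fetched at run time.

```python
import base64
import re
import struct

# Browser primitives a page needs to assemble a file client-side and save it.
JS_INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_build": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\b(?:createObjectURL|msSaveBlob|msSaveOrOpenBlob)\s*\("),
    "forced_download": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")  # long inline base64 literal
ZIP_MAGIC = b"PK\x03\x04"                     # ZIP local file header signature

def embedded_zips(html):
    """Decode long base64 runs and report those that begin with a ZIP header."""
    found = []
    for m in B64_RUN.finditer(html):
        run = m.group(0)
        run = run[: len(run) - len(run) % 4]  # whole 4-char groups decode without padding
        try:
            raw = base64.b64decode(run)
        except ValueError:
            continue
        if raw[:4] == ZIP_MAGIC and len(raw) >= 8:
            flags = struct.unpack_from("<H", raw, 6)[0]  # general-purpose bit flag
            found.append({"offset": m.start(), "encrypted": bool(flags & 0x1)})
    return found

def scan_html(html):
    """Flag HTML that carries an archive inline and also has a client-side save path."""
    hits = sorted(name for name, rx in JS_INDICATORS.items() if rx.search(html))
    zips = embedded_zips(html)
    save_path = {"blob_build", "object_url"} <= set(hits) or "forced_download" in hits
    return {"indicators": hits, "zips": zips, "suspicious": bool(zips) and save_path}

# Constructed sample: a 30-byte ZIP local header with the encryption bit set, plus
# a file name; it is not a real archive and the script tokens are not wired together.
_HDR = struct.pack("<4sHHHHHIIIHH", ZIP_MAGIC, 20, 0x0001, 0, 0, 0, 0, 0, 0, 8, 0)
SAMPLE_HTML = (
    '<html><body><script>var p="' + base64.b64encode(_HDR + b"demo.bin").decode()
    + '"; atob(p); new Blob([]); URL.createObjectURL(b); a.download="doc.zip";'
    "</script></body></html>"
)

if __name__ == "__main__":
    print(scan_html(SAMPLE_HTML))
```

An encrypted archive found this way cannot be unpacked by a gateway scanner without the password, which is why the verdict rests on the header and the surrounding script rather than on the archive contents.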

This campaign highlights the increasing role of social engineering in malware delivery. By using trusted names and realistic-looking sites, attackers increase the likelihood that victims will open the malicious payload. This level of deception adds to the sophistication of the operation. Researchers from BI.ZONE have also noted a rise in phishing emails targeting Russian companies, often posing as legitimate providers of industrial automation solutions. These emails carry malicious files designed to evade detection, further showcasing how attackers manipulate their targets through trust and familiarity.

In parallel, cybersecurity experts are observing a surge in the use of generative artificial intelligence (GenAI) to enhance cyberattacks. A recent campaign used GenAI to create VBScript and JavaScript code, enabling the spread of malware such as AsyncRAT through HTML smuggling. This convergence of advanced technology and cybercrime lowers the barrier for cybercriminals, accelerating the pace and complexity of attacks. Security professionals urge organizations to closely monitor their HTTP and HTTPS traffic, ensuring systems are not communicating with malicious domains, and to implement stronger web security measures to guard against evolving threats like HTML smuggling.

Reference:
  • New HTML Smuggling Campaign Targets Russian Users with DCRat Malware