In a recent report, eSentire’s Threat Response Unit (TRU) described a new threat known as DcRAT. The malware, identified as a clone of AsyncRAT, is a remote access tool with info-stealing and ransomware capabilities.
The TRU team found DcRAT being actively distributed through explicit lures related to OnlyFans pages and other adult content. Victims were enticed into downloading Zip files containing a VBScript loader, which they then executed manually. The filenames suggested that the lure involved explicit photos or content related to adult film actresses.
Although telemetry was lacking in a specific May case, analysis of samples submitted to VirusTotal indicated that this malicious activity dates back to January 2023, with new samples submitted as recently as June 4th, 2023. eSentire’s Security Operations Centers, staffed 24/7 with Elite Threat Hunters and Cyber Analysts, play a crucial role in identifying and responding to such threats.
The TRU team, supported by Threat Intelligence, Tactical Threat Response, and Advanced Threat Analytics, offers insights into threat investigations through TRU Positives. In this case, the report outlines how they responded to the confirmed DcRAT threat and provides recommendations for mitigating future risks.
The modus operandi of DcRAT involves exploiting human curiosity through explicit lures, highlighting the evolving tactics of cyber adversaries. This discovery underscores the importance of continuous vigilance and proactive cybersecurity measures to safeguard against emerging threats in the digital landscape.