CyberSecurity updates
Updated: 2024-10-10 08:02:33 Pacific


DCRat malware uses HTML smuggling to steal user credentials in Russian-language campaign - 8d

DCRat, a modular remote access tool (RAT), has been observed using a new attack technique known as HTML smuggling to target Russian-speaking users. The malware is disguised as legitimate applications, such as TrueConf and VK Messenger, and delivered via malicious HTML files. Once opened, the HTML files stealthily download a password-protected ZIP file containing a nested RarSFX archive that launches DCRat. This technique allows the malware to bypass traditional security measures and gain access to victims’ systems. Once installed, DCRat can execute shell commands, log keystrokes, exfiltrate files, and steal credentials, posing a significant threat to user privacy and security. This campaign highlights the evolving tactics of cybercriminals and the need for increased awareness of potential threats from malicious HTML content.
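For defenders triaging HTML attachments of the kind described above, the following added example (not taken from the report or from any vendor tooling) flags pages that combine client-side file-building JavaScript with an embedded ZIP, and reports whether that ZIP's entries are marked encrypted. It assumes the archive is carried as a base64 string inside the HTML, which the summary does not specify; the function names and the sample page are constructed for illustration.

```python
import base64, io, re, struct, zipfile

# JavaScript primitives commonly used to build and save a file inside the browser.
PRIMITIVES = {
    "blob": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL\s*\("),
    "ms_save": re.compile(r"msSave(OrOpen)?Blob"),
    "base64_decode": re.compile(r"\batob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|<a[^>]+\bdownload\b", re.I),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")  # long embedded base64 strings

def inspect_zip(data: bytes) -> dict:
    """List entry names and report whether any entry has the encryption flag (bit 0)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    return {"names": [i.filename for i in infos],
            "encrypted": any(i.flag_bits & 0x1 for i in infos)}

def triage_html(html: str) -> dict:
    """Flag HTML that assembles a download client-side and carries a ZIP in its own body."""
    hits = sorted(k for k, rx in PRIMITIVES.items() if rx.search(html))
    archives = []
    for run in B64_RUN.findall(html):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:
            continue  # not valid base64 after all
        if raw.startswith(b"PK\x03\x04"):  # ZIP local file header magic
            try:
                archives.append(inspect_zip(raw))
            except zipfile.BadZipFile:
                archives.append({"names": [], "encrypted": None})
    return {"primitives": hits, "archives": archives,
            "suspicious": bool(archives) and len(hits) >= 2}

def constructed_sample() -> str:
    """Constructed, inert page: a tiny ZIP whose single entry is only *marked* encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("placeholder.exe"), b"not a real program")
    data = bytearray(buf.getvalue())
    cd = data.rfind(b"PK\x01\x02")  # central directory header; flags live at offset 8
    struct.pack_into("<H", data, cd + 8, 0x1)
    b64 = base64.b64encode(bytes(data)).decode()
    return ('<script>var b=new Blob([atob("%s")]);var a=document.createElement("a");'
            'a.href=URL.createObjectURL(b);a.download="x.zip";</script>' % b64)

if __name__ == "__main__":
    print(triage_html(constructed_sample()))
```

An encrypted archive cannot be scanned by content, so the entry names and the encryption flag are often the only signals available at the mail or web gateway.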