CyberSecurity news
do son@securityonline.info
Cybercriminals are actively exploiting the Signal messaging application to distribute an information-stealing Remote Access Trojan (RAT), raising serious privacy concerns. According to a recently published report, a cybercriminal group identified as UAC-0200 is behind the campaign, which targets high-value individuals within Ukraine's defense sector. The Computer Emergency Response Team of Ukraine (CERT-UA) has issued warnings about this campaign, which uses the Dark Crystal RAT (aka DCRat) to compromise systems.
This malicious activity involves distributing messages via Signal that contain what appears to be meeting minutes. The messages are sent from compromised accounts to enhance credibility, enticing unsuspecting users to download malicious archive files. The archives contain a decoy PDF and an executable that deploys the DCRat malware, which gives attackers remote access and control and lets them steal valuable information and execute arbitrary commands. CERT-UA attributes this activity to UAC-0200, active since summer 2024, and noted that the use of popular messengers increases the attack surface, including through the creation of uncontrolled information exchange channels.
References:
- cyberinsider.com: Ukraine Warns Signal Used for Spreading RATs on High-Value Targets
- securityonline.info: CERT-UA Alert: DarkCrystal RAT Deployed via Signal in Ukraine
- SOC Prime Blog: Detect UAC-0200 Attacks Using DarkCrystal RAT
- The DefendOps Diaries: Russian Cyber Espionage Targets Ukrainian Military via Signal
- BleepingComputer: Ukrainian military targeted in new Signal spear-phishing attacks
- BleepingComputer: Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces.
- securityaffairs.com: CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
- The Hacker News: CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
- Sam Bent: Report: Cybercriminals Leverage Signal App to Deploy Info-Stealing RAT, Raising Privacy Concerns
- bsky.app: CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
- www.scworld.com: Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.