In a new campaign aimed at Russian-speaking users, the modular remote access tool (RAT) known as DCRat has been delivered through HTML smuggling, a technique not previously seen with this malware. Once running, DCRat uses its typical RAT capabilities to execute shell commands, log keystrokes, exfiltrate files, and steal credentials; the new delivery method expands the threat it poses. HTML smuggling embeds obfuscated malicious payloads within HTML code, often retrieved from remote sources, so that they bypass security controls and execute in the victim's browser. Once the page is rendered, the payloads are decoded back into their original form and written to disk, a step that may require user interaction. The technique has been exploited by various malware families, including Azorult, Pikabot, and DCRat, to deliver malicious code to unsuspecting users.
Source: GBHackers
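As an added detection-side example (not from the GBHackers article or the campaign it describes), the following Python heuristic scores an HTML document, such as an e-mail attachment, for the HTML-smuggling chain described above: an embedded encoded payload, in-browser decoding, and a forced file download. Indicator names, weights, the threshold and both sample pages are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# (regex, name, weight): browser-side decode + Blob + forced download is the
# classic HTML-smuggling chain. Weights are assumed tuning values, not from the article.
INDICATORS = [
    (r"\batob\s*\(", "base64-decode-in-browser", 2),
    (r"new\s+Blob\s*\(", "blob-construction", 2),
    (r"URL\.createObjectURL\s*\(", "blob-url", 2),
    (r"msSaveOrOpenBlob", "legacy-ie-save", 2),
    (r"\.download\s*=", "forced-download-attribute", 2),
    (r"download\s*=\s*[\"'][^\"']+\.(exe|js|vbs|iso|img|zip|lnk|hta|msi)[\"']", "executable-filename", 3),
    (r"\.click\s*\(\)", "synthetic-click", 1),
]
# A long run of base64 alphabet inside the page: the smuggled payload itself.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{400,}={0,2}")

@dataclass
class ScanResult:
    score: int = 0
    hits: list = field(default_factory=list)
    embedded_blobs: int = 0

    @property
    def suspicious(self) -> bool:
        return self.score >= 6  # assumed threshold: decode + blob + download

def scan_html(html: str) -> ScanResult:
    """Score an HTML document (e.g. an e-mail attachment) for smuggling indicators."""
    result = ScanResult()
    for pattern, name, weight in INDICATORS:
        if re.search(pattern, html, re.IGNORECASE):
            result.hits.append(name)
            result.score += weight
    result.embedded_blobs = len(BASE64_BLOB.findall(html))
    if result.embedded_blobs:
        result.score += 2
    return result

# Constructed fixtures, not real lures. The "payload" is just 600 'A's; the script
# decodes it in the browser, wraps it in a Blob and forces it down as invoice.exe.
SAMPLE_SMUGGLING_PAGE = """<html><body><script>
var bytes = Uint8Array.from(atob('%s'), c => c.charCodeAt(0));
var blob = new Blob([bytes], {type: 'application/octet-stream'});
var a = document.createElement('a'); a.href = URL.createObjectURL(blob);
a.download = 'invoice.exe'; a.click();
</script></body></html>""" % ("A" * 600)
SAMPLE_BENIGN_PAGE = "<html><body><h1>Report</h1><a href='/files/report.pdf'>Download</a></body></html>"
```

`scan_html(SAMPLE_SMUGGLING_PAGE)` flags the fixture (score 14, one embedded blob), while the benign page scores 0; in practice the signatures need tuning against legitimate sites that also build Blobs client-side.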