Malware, AI/ML, Threat Intelligence

DCRat malware spread with HTML smuggling


HTML smuggling has been leveraged for the first time by threat actors to target Russian-speaking users with the DCRat community trojan, also known as DarkCrystal RAT, The Hacker News reports.

Attacks involved the distribution of malicious Russian-language HTML files impersonating the TrueConf and VK Messenger apps. When opened, the files stealthily download a password-protected ZIP file containing a nested RarSFX archive that launches DCRat, which not only enables shell command execution and keystroke logging but also allows file and credential exfiltration, an analysis from Netskope revealed.

The development follows an HP Wolf Security report detailing another HTML smuggling attack that spread the AsyncRAT malware through a generative artificial intelligence-based dropper. "The scripts' structure, comments and choice of function names and variables were strong clues that the threat actor used GenAI to create the malware. The activity shows how GenAI is accelerating attacks and lowering the bar for cybercriminals to infect endpoints," said HP Wolf Security.
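A triage heuristic for the delivery chain described above, as an added example that is not from the article, Netskope or HP Wolf Security: it flags HTML files whose script assembles a download from an embedded base64 blob that decodes to a ZIP, and reads the encryption bit in the ZIP header. The trait patterns are generic HTML smuggling heuristics chosen as assumptions, and the sample page and its file name are constructed.

```python
import base64
import re
import struct

# Generic HTML smuggling traits (assumed heuristics, not IoCs from the Netskope analysis).
JS_TRAITS = {
    "blob_built_in_script": re.compile(r"new\s+Blob\s*\("),
    "object_url_created": re.compile(r"URL\.createObjectURL\s*\("),
    "base64_decoded_in_script": re.compile(r"\batob\s*\("),
    "scripted_download": re.compile(r"\.download\s*=|msSaveOrOpenBlob|\.click\s*\(\s*\)"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")
ZIP_LOCAL_HEADER = b"PK\x03\x04"

def embedded_zips(html):
    """Yield (offset, encrypted) for each base64 run that decodes to a ZIP local file header."""
    for m in B64_RUN.finditer(html):
        head = base64.b64decode(m.group()[:16])  # 16 chars -> first 12 bytes
        if head.startswith(ZIP_LOCAL_HEADER):
            (flags,) = struct.unpack_from("<H", head, 6)  # general purpose bit flag
            yield m.start(), bool(flags & 0x0001)  # bit 0 set = entry is encrypted

def scan_html(html):
    traits = sorted(name for name, rx in JS_TRAITS.items() if rx.search(html))
    zips = list(embedded_zips(html))
    return {
        "traits": traits,
        "embedded_zip": bool(zips),
        "encrypted_zip": any(enc for _, enc in zips),
        # Triage flag: script-side file assembly together with an embedded archive.
        "suspicious": bool(zips) and len(traits) >= 2,
    }

def constructed_sample(encrypted):
    # Constructed stub: a ZIP local file header plus padding, not a real archive.
    flags = 0x0001 if encrypted else 0x0000
    stub = ZIP_LOCAL_HEADER + struct.pack("<HH", 20, flags) + b"\x00" * 40
    b64 = base64.b64encode(stub).decode()
    return (
        "<html><body><script>"
        f'var d = atob("{b64}");'
        "var b = new Blob([d], {type: 'application/zip'});"
        "var a = document.createElement('a');"
        "a.href = URL.createObjectURL(b); a.download = 'setup.zip'; a.click();"
        "</script></body></html>"
    )

if __name__ == "__main__":
    print(scan_html(constructed_sample(encrypted=True)))
```

An encrypted archive cannot be unpacked by a mail or web gateway without the password, so the `encrypted_zip` result is worth routing to manual review rather than treating as a verdict.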
