Dcrat

Malware Profile Updated 2 months ago
DcRAT is a Remote Access Trojan (RAT) that has been used in a range of cyberattacks throughout 2023 and into 2024. It has been distributed through fake OnlyFans content, deceptive Google Meet sites, and spoofed Skype and Zoom websites, which download a DcRAT payload when users click on certain page elements. Once installed, the RAT lets threat actors steal confidential information, disrupt operations, or hold data hostage for ransom. It is part of a broader campaign that also delivers threats such as njRAT, DarkComet, and AgentTesla.

In December 2023, Zscaler's ThreatLabz uncovered a significant campaign distributing different RATs to Android and Windows users. These attacks used spoofed versions of popular communication platforms (Google Meet, Zoom, and Skype) to deploy trojans including NjRAT, DCRat, and SpyNote RAT. SpyNote RAT was aimed specifically at Android devices, while NjRAT and DCRat were deployed on Windows systems.

The threat actors behind these campaigns use a variety of tactics to trick users into downloading the malware. For instance, they offer links to download fake Skype applications that are in fact trojans such as SpyNote RAT or DCRat, and they use misleading domain names to lure unsuspecting users into joining meetings where they become targets. These RATs can log keystrokes, steal files, and compromise sensitive data, making them a significant threat to both individual users and networks.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are some possibly overlapping names and profiles you may also want to look at.
njRAT (4 votes): NjRAT is a remote-access Trojan (RAT) that has been commonly used in both criminal and targeted attacks since as early as 2013. It is part of a suite of RATs used by attackers, including Remcos and AsyncRAT, to exploit and damage computer systems. NjRAT can identify remote hosts on connected network

Agenttesla (2 votes): AgentTesla is a well-known remote access trojan (RAT) that has been used extensively in cybercrime operations. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it can steal personal information, disrupt operations, or hold data hostage

DarkComet (2 votes): DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es

AsyncRAT (1 vote): AsyncRAT is malicious software designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Once the executable loads http_dll.dll, the DL

Dark Crystal Rat (1 vote): no profile description available.

Apocalypse (1 vote): Apocalypse is a threat actor known for its malicious intent in the cybersecurity world. It is associated with a variety of ransomware, including a variant named Al-Namrood. The Apocalypse ransomware and its variants have been a significant concern due to their capacity to encrypt files, making them i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Windows
Android
Github
Payload
Skype
Fraud
Loader
Facebook
Trojan
Gbhackers
Cryptominer
Zscaler
Google
Malware
Ransom
Python
Telegram
WinRAR
Crypter
Ransomware
Associated Malware
Spynote (type: Unspecified, 3 votes): SpyNote is malicious software designed to exploit and damage computer systems, often infecting devices through suspicious downloads, emails, or websites. A newer variant of SpyNote has been observed using the Accessibility API to target well-known cryptocurrency wallets. The malware is d

Spynote Rat (type: Unspecified, 1 vote): SpyNote RAT, a piece of malicious software, was first detected in 2017 when it was found embedded within counterfeit Android applications posing as popular platforms such as Netflix, WhatsApp, and Facebook. The malware is designed to exploit and damage systems, with capabilities ranging from steali
Associated Threat Actors
Snake (type: Unspecified, 1 vote): Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg
Associated Vulnerabilities
No associations to display
Source Document References
Information about the DcRAT malware was read from the document corpus below. This display is limited to 20 results.
DARKReading, 2 months ago: AI Voice Generator App Used to Drop Gipy Malware
CERT-EU, 5 months ago: Online meeting app lures leveraged for RAT delivery
InfoSecurity-magazine, 5 months ago: RATs Spread Via Fake Skype, Zoom, Google Meet Sites
CERT-EU, 5 months ago: Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware – GIXtools
DARKReading, 5 months ago: Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs
InfoSecurity-magazine, 5 months ago: Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign
CERT-EU, 5 months ago: Android and Windows RATs Distributed Via Online Meeting Lures | Zscaler
CERT-EU, 5 months ago: Weekly Cyber Security News Letter & Threats Roundup -March 24 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU, 5 months ago: Hackers Selling DCRat Malware Subscriptions For $5 on Telegram
CERT-EU, a year ago: SapphireStealer: Open-source information stealer enables credential and data theft
CERT-EU, a year ago: Extensive targeting exhibited by novel Mystic Stealer malware
CERT-EU, a year ago: Hackers Hiding DcRAT Malware in Fake OnlyFans Content
Securityaffairs, a year ago: Talos wars of customizations of the open-source info stealer SapphireStealer
CERT-EU, a year ago: Hackers Hiding DcRAT Malware in Fake OnlyFans Content | IT Security News
CERT-EU, a year ago: OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans…