Dcrat

Malware Profile Updated 6 days ago
DcRAT is malware that has been used in various cyberattacks throughout 2023 and into 2024. It is distributed through fake OnlyFans content, deceptive Google Meet sites, and spoofed Skype and Zoom websites, where a DcRAT payload is downloaded when users click on certain elements. This Remote Access Trojan (RAT) allows threat actors to steal confidential information, disrupt operations, or even hold data hostage for ransom. It's part of a broader campaign that includes other threats such as njRAT, DarkComet, AgentTesla, and more.

In December 2023, Zscaler's ThreatLabz uncovered a significant campaign involving the distribution of different RATs to Android and Windows users. These attacks used spoofed versions of popular communication platforms like Google Meet, Zoom, and Skype to deploy trojans including NjRAT, DCRat, and SpyNote RAT. SpyNote RAT was specifically targeted at Android devices, while NjRAT and DCRat were deployed on Windows systems.

The threat actors behind these campaigns use a variety of tactics to trick users into downloading their malware payloads. For instance, they provide links to download fake Skype applications that, in reality, are trojans like the SpyNote RAT or DCRat. They also use misleading domain names to entice unsuspecting users to join meetings where they become targets for these attacks. These RATs can log keystrokes, steal files, and compromise sensitive data, making them a significant threat to both individual and network security.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| njRAT | 4 | NjRAT is a malicious software, or malware, that has been used in both criminal and targeted attacks since 2013. This remote-access Trojan (RAT) is capable of identifying remote hosts on connected networks (T1018) and detecting if the victim system has a camera during the initial infection (T1120). I |
| Agenttesla | 2 | AgentTesla is a well-known Remote Access Trojan (RAT) that has been utilized in numerous cybercrime activities. It is often delivered through malicious emails or suspicious downloads, and once inside the system, it can steal personal information, disrupt operations, or even hold data for ransom. The |
| DarkComet | 2 | DarkComet is a type of malware, specifically a Remote Access Trojan (RAT), that opens a backdoor on an infected computer to steal information. It is part of a larger family of RATs which includes other malicious software such as PlugX, ShadowPad, and AsyncRAT. DarkComet, along with these other RATs, |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Android
Rat
Windows
Payload
Skype
Github
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Spynote | Unspecified | 3 | SpyNote is a malicious software (malware) designed to exploit and damage computer systems, often infecting devices through suspicious downloads, emails, or websites. A newer variant of SpyNote has been observed using the Accessibility API to target well-known cryptocurrency wallets. The malware is d |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Dcrat Malware was read from the documents corpus below. This display is limited to 20 results.
Source (CreatedAt): Title
CERT-EU (a year ago): OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans…
CERT-EU (a year ago): Hackers Hiding DcRAT Malware in Fake OnlyFans Content
CERT-EU (3 months ago): Hackers Selling DCRat Malware Subscriptions For $5 on Telegram
CERT-EU (a year ago): Hackers Hiding DcRAT Malware in Fake OnlyFans Content | IT Security News
CERT-EU (a year ago): Extensive targeting exhibited by novel Mystic Stealer malware
CERT-EU (3 months ago): Android and Windows RATs Distributed Via Online Meeting Lures | Zscaler
CERT-EU (3 months ago): Android and Windows RATs Distributed Via Online Meeting Lures | Zscaler
Securityaffairs (9 months ago): Talos wars of customizations of the open-source info stealer SapphireStealer
CERT-EU (9 months ago): SapphireStealer: Open-source information stealer enables credential and data theft
DARKReading (3 months ago): Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs
InfoSecurity-magazine (3 months ago): Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign
InfoSecurity-magazine (3 months ago): RATs Spread Via Fake Skype, Zoom, Google Meet Sites
CERT-EU (3 months ago): Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware – GIXtools
CERT-EU (3 months ago): Online meeting app lures leveraged for RAT delivery
CERT-EU (3 months ago): Weekly Cyber Security News Letter & Threats Roundup -March 24 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading (6 days ago): AI Voice Generator App Used to Drop Gipy Malware