HTML Smuggling has become the main trump card of cunning cybercriminals.
Russian-speaking users have become the target of a new cyberattack spreading the DCRat Trojan (also known as the DarkCrystal RAT) through the HTML Smuggling technique. This is the first time that such a delivery method has been used for this malware. Previously, it was distributed exclusively through fake websites or phishing emails with malicious PDF and Excel files.
Netskope researcher Nikhil Hegde notes that malicious code can be embedded directly into an HTML file or downloaded from an external source. Such HTML files are distributed through fake websites or spam mailings, and when they are opened in the browser, malicious code is downloaded to the victim's computer.
For a successful attack, the attackers use social engineering techniques, prompting the victim to open the downloaded file. Netskope detected HTML pages imitating a number of Russian-language sites, including the TrueConf video conferencing platform and the VK social network. When the fake pages are opened, an encrypted ZIP archive containing a RarSFX file is automatically downloaded to the victim's computer, which ultimately launches the DCRat Trojan.
DCRat, which first appeared in 2018, is capable of performing the functions of a full-fledged backdoor with the ability to install additional plugins to expand its capabilities. The malware can execute arbitrary commands on the command line, monitor keystrokes, and steal files and credentials. Experts recommend that organizations monitor HTTP and HTTPS traffic for links to suspicious domains.
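The two preceding paragraphs describe the delivery mechanism (an HTML file that, once opened in the browser, assembles a download on the client side) and the recommended control (watch traffic and attachments for suspicious content). The following is an added example, not code from the article or from Netskope: a small Python scanner that scores an HTML file for the browser primitives that client-side file assembly relies on, so that an e-mail gateway or a file-share crawler can quarantine the page before a user opens it. The indicator names, weights, threshold and both sample HTML fragments are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Indicators are script/markup primitives that a page needs in order to build a
# file in the browser and push it to disk. Any one of them is legitimate on its
# own; the combination in a page that arrives as an attachment is what is rare.
INDICATORS = {
    "base64_decode":   re.compile(r"\batob\s*\("),
    "blob_construct":  re.compile(r"\bnew\s+Blob\s*\("),
    "object_url":      re.compile(r"createObjectURL\s*\("),
    "download_attr":   re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "legacy_ie_save":  re.compile(r"msSaveOrOpenBlob"),
    "auto_click":      re.compile(r"\.click\s*\(\s*\)"),
    "archive_name":    re.compile(r"[\"'][^\"']*\.(zip|rar|iso|img|7z)[\"']", re.I),
}
# A very long base64 literal is the embedded payload the article mentions.
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{1500,}={0,2}")

# Assumed weights: building an object URL / blob and forcing a download weigh
# more than a bare atob() or click(), which benign pages use all the time.
WEIGHTS = {
    "base64_decode": 1, "blob_construct": 2, "object_url": 2, "download_attr": 2,
    "legacy_ie_save": 2, "auto_click": 1, "archive_name": 1, "long_base64_literal": 3,
}
THRESHOLD = 5  # assumed: tune against your own mail/attachment corpus


@dataclass
class Verdict:
    score: int
    hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= THRESHOLD


def scan_html(text: str) -> Verdict:
    """Score one HTML document; returns which indicators fired and the total."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if LONG_B64.search(text):
        hits.append("long_base64_literal")
    return Verdict(score=sum(WEIGHTS[h] for h in hits), hits=hits)


def scan_file(path: str) -> Verdict:
    """Convenience wrapper for a quarantine job iterating over attachments."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return scan_html(fh.read())


# Constructed sample 1: fragment of a lure page that assembles an archive in the
# browser. The base64 literal is filler, not real data; 'blob64' and 'link' are
# deliberately left undefined so the fragment is only scanner input.
SUSPICIOUS_SAMPLE = """<html><body><p>Loading the meeting client...</p>
<script>
var blob64 = "%s";
var d = atob(blob64);
var f = new Blob([d], {type: "application/octet-stream"});
link.href = URL.createObjectURL(f);
link.download = "TrueConf_Setup.zip";
link.click();
</script></body></html>""" % ("QUJD" * 400)

# Constructed sample 2: an ordinary page offering a server-hosted file.
BENIGN_SAMPLE = """<html><body>
<h1>Quarterly report</h1>
<a href="/files/report.pdf" download="report.pdf">Download PDF</a>
<script>document.getElementById("year").textContent = new Date().getFullYear();</script>
</body></html>"""


if __name__ == "__main__":
    for label, sample in (("lure", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        v = scan_html(sample)
        print(f"{label}: score={v.score} suspicious={v.suspicious} hits={v.hits}")
```

The scanner deliberately scores rather than matches a single string, because every primitive here (`atob`, `Blob`, `createObjectURL`, the `download` attribute) has legitimate uses in web applications; the benign sample scores 2 and is passed, while the constructed lure scores 12. Run it over quarantined `.html` attachments and files pulled from proxy logs for the domains the article recommends monitoring, and review anything at or above the threshold.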
In parallel with this campaign, another group of cybercriminals known as Stone Wolf targeted Russian companies, spreading the Meduza Stealer malware through phishing emails disguised as offers from legitimate industrial solution providers.
BI.ZONE notes that attackers often use archives with malicious files alongside supposedly legitimate attachments to distract the victim's attention. Using the real names of organizations increases the chances of successful infection.
In addition, specialists are increasingly discovering campaigns in which malicious VBScript and JavaScript code is created using artificial intelligence and then used to distribute AsyncRAT via HTML Smuggling. HP Wolf Security experts are confident that such activity shows how AI speeds up both the preparation and the execution of attacks.
Source