Hackers offer ‘free OnlyFans content’ to spread viruses
- June 20, 2023
Cybercriminals distribute malware via ZIP files, using explicit content (such as photos and videos) and free content from the OnlyFans adult website as bait.
OnlyFans is a social network where users can share any content by subscription and which lets creators monetize multimedia content as well as audio and text. The cost of a subscription in Spain is from five to about 50 euros per month.
eSentire researchers warned about the malware campaign, which installs a remote access trojan known as DcRAT that allows attackers to steal information and credentials and to deploy ransomware on the infected device.
According to the eSentire Threat Response Unit (TRU), this was in May 2023. The malware turns out to be a clone of AsyncRAT, a remote access tool (RAT) designed to monitor and manage victims’ computers.
Thus, DcRAT is a remote access tool with information theft and ransomware capabilities, which is actively distributed using free access to premium content from OnlyFans as bait.
In particular, the campaign prompts victims to download ZIP files that claim to contain free sex videos but actually contain a malicious VBScript downloader that is executed manually.
This downloader is actually a modified version of a Windows “print script” discovered in another malware campaign in 2021. In addition to the basic capabilities of ransomware, keylogging, remote system access, file manipulation, and webcam control, the malware can also steal browser cookies and Discord tokens.
eSentire notes that, once launched, the malicious downloader checks the operating system architecture with Windows Management Instrumentation (WMI), extracts an embedded dynamic link library (DLL) file, and registers it with a specific command, namely Regsvr32.exe.
This gives the malware access to DynamicWrapperX, a tool that allows calling functions from the Windows Application Programming Interface (API) or from other DLL files. Finally, the payload, “BinaryData”, is loaded into memory.
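The chain described above (a manually executed VBScript downloader that drops a DLL and registers it with Regsvr32.exe) leaves a process-creation trace that defenders can hunt for. The following Python code is an added example, not taken from eSentire or the original article; the event field names, hosts, paths and the list of trusted directories are constructed assumptions modelled on process-creation telemetry.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries that run .vbs
# Assumption for this example: DLLs under these directories are treated as expected.
TRUSTED_DLL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Quoted or unquoted command-line argument ending in .dll or .ocx
DLL_ARG = re.compile(r'"([^"]+\.(?:dll|ocx))"|(\S+\.(?:dll|ocx))', re.IGNORECASE)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'wscript.exe "C:\Users\alice\Downloads\sample.vbs"'},
    {"host": "ws-01", "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Users\alice\AppData\Local\Temp\dropped.dll"'},
    {"host": "ws-02", "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},
    {"host": "ws-03", "parent_image": r"C:\Windows\System32\cscript.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Windows\System32\scrrun.dll"},
]

def registered_dll(command_line):
    """Return the DLL/OCX path passed to regsvr32, or None if there is none."""
    m = DLL_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None

def find_script_regsvr32(events):
    """Flag regsvr32.exe started by a script host to register a DLL outside trusted dirs."""
    alerts = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent_image"]).lower()
        if image != "regsvr32.exe" or parent not in SCRIPT_HOSTS:
            continue  # not the script-host -> regsvr32 pattern
        dll = registered_dll(ev["command_line"])
        if dll is None or dll.lower().startswith(TRUSTED_DLL_DIRS):
            continue  # no DLL argument, or DLL lives in an expected location
        alerts.append({"host": ev["host"], "parent": parent, "dll": dll})
    return alerts

if __name__ == "__main__":
    for alert in find_script_regsvr32(SAMPLE_EVENTS):
        print(alert)
```

The WMI architecture check and the in-memory payload load do not appear in process-creation events, so this rule covers only the DLL registration step.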
Source: Aristegui Noticias
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.