CyberSecurityBoard
Sponsor Register Login

We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

The focus will be on a multi-stage infection process involving Visual Basic Script (VBS), a batch file, and a PowerShell script, ultimately leading to the deployment of high-profile malware like DCRat or Rhadamanthys infostealer. The Acronis Threat Research Unit analyzes threats like DCRat as a part of our ongoing research and development work to ensure that our security solutions — such as Acronis Advanced Security + Extended Detection and Response (XDR) — are prepared for emerging threats. The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. The analysis of this malware delivery chain by the Acronis Threat Research Unit (TRU) has yielded several key findings. The complexity of the delivery chain introduces multiple layers of obfuscation, making it challenging for security solutions to detect and block the malware at each step. The multi-stage process, involving multiple script languages and obfuscation techniques, can effectively bypass security solutions, leading to unauthorized access, data theft, and system compromise. Acronis Threat Research Unit's detailed analysis of DCRat provides a comprehensive understanding of this new threat, including secure code samples and screenshots. The deployment of high-profile malware like DCRat or Rhadamanthys infostealer through this complex delivery chain poses significant risks. By monitoring and blocking the execution of encoded payloads in memory, these solutions can prevent the loading of final malware like DCRat, Rhadamanthys, or Remcos. When executed, this VBS file initiates a multistage delivery process, setting the stage for the deployment of the final malicious payload. Acronis XDR leverages real-time protection and in-house-developed generic script emulators to de-obfuscate and analyze scripts, allowing for early detection and neutralization of threats.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 01 Apr 2025 17:45:06 +0000


Cyber News related to We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

The Persistent Danger of Remcos RAT - From initial infection to persistent control, the Remcos RAT campaign exemplifies the evolving nature of cyber threats and the need for proactive defense measures. This ecosystem is supported by a diverse array of servers that function as command and ...
1 year ago Cyberdefensemagazine.com
Digital Battlefield: Syrian Threat Group's Sinister SilverRAT Emerges - Cyfirma claims that the developers maintain a sophisticated and active presence on multiple hacker forums and social media platforms, as outlined by the cybersecurity company. Besides operating a Telegram channel offering leaked databases, carding ...
1 year ago Cysecurity.news
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain - The focus will be on a multi-stage infection process involving Visual Basic Script (VBS), a batch file, and a PowerShell script, ultimately leading to the deployment of high-profile malware like DCRat or Rhadamanthys infostealer. The Acronis Threat ...
2 months ago Bleepingcomputer.com
Microsoft: New RAT malware used for crypto theft, reconnaissance - Last but not least, Microsoft says StilachiRAT allows command execution and potential SOCKS-like proxying using commands from a command-and-control (C2) server to the infected devices, which can let the threat actors reboot the compromised system, ...
3 months ago Bleepingcomputer.com
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets - A new variant of the infamous "Gh0st RAT" malware has been identified in recent attacks targeting South Koreans and the Ministry of Foreign Affairs in Uzbekistan. The Chinese group "C.Rufus Security Team" first released Gh0st RAT on the open Web in ...
1 year ago Darkreading.com
Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms - Attackers likely tied the creators of the XorDdos Linux remote access Trojan have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in Thailand and maintain malicious access to infected ...
1 year ago Darkreading.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
11 months ago Pandasecurity.com
FBI seizes Warzone RAT infrastructure, arrests malware vendor - The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. Daniel Meli, 27, a resident of Malta, was arrested last week for his role in the proliferation of ...
1 year ago Bleepingcomputer.com
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE - A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan that evades detection, partially by showing up as legitimate software. Threat actors previously have used the RAT ...
1 year ago Darkreading.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com
FBI Shuts Down Warzone RAT; Cybercriminals Arrested - In a major victory against cybercrime, the FBI has successfully taken down the Warzone RAT malware operation. This operation led to the arrest of two individuals involved in the illicit activities. One of the suspects, 27-year-old Daniel Meli from ...
1 year ago Cysecurity.news
Chinese hackers target Russian govt with upgraded RAT malware - Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word ...
2 months ago Bleepingcomputer.com CVE-2021-40449
The Invisible Storm: Why Cloud Malware Is Your Business's New WeatherEmergency - Protecting your business from cloud malware requires a fundamental shift in security thinking, as traditional defenses simply weren’t designed for these sophisticated airborne threats. Recent research by Cloud Storage Security identified ...
1 month ago Cybersecuritynews.com
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
1 year ago Gbhackers.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities - The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and ...
1 year ago Thehackernews.com CVE-2023-38831 APT3 SideCopy Transparent Tribe
NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps - Security experts recommend users maintain updated antivirus software, implement application whitelisting, disable PowerShell execution for standard users, and be vigilant about suspicious links or commands. As Neptune RAT continues to evolve with new ...
2 months ago Cybersecuritynews.com
How Stealthy Python Rat Malware is Targeting Windows Systems - Cybersecurity experts have recently alerted Windows users to a new malware threat: a stealthy python-based RAT malware that is specifically targeting Windows systems. The malware, which has been dubbed “Python Rat” by security researchers, has ...
2 years ago Bleepingcomputer.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)