Hackers use fake OnlyFans content to steal data by dropping malware
San Francisco, June 25 (IANS) A malware campaign is distributing fake OnlyFans content and adult lures in order to install the remote access trojan ‘DcRAT’ on victims’ devices to steal data and credentials, or to deploy ransomware on the infected device.
OnlyFans is a content subscription service where paid subscribers can access private photos, videos, and posts from adult models, celebrities, and social media personalities.
According to BleepingComputer, the new campaign, discovered by eSentire, has been active since January 2023, spreading ZIP files containing a VBScript loader that the victim is tricked into manually executing, believing they are about to access premium OnlyFans collections.
The infection chain is unknown, but the ZIP files could arrive through malicious forum posts, instant messages, malvertising, or even black hat SEO sites ranking high for specific search terms.
Moreover, the report said that DcRAT is capable of keylogging, webcam monitoring, file manipulation, and remote access, as well as stealing web browser credentials, cookies, and Discord tokens.
DcRAT also includes a ransomware plugin that targets all non-system files and appends the “.DcRat” filename extension to encrypted files.
Meanwhile, researchers have observed a surge of malware written for the Android platform that is attempting to impersonate the popular AI chatbot ChatGPT application to target smartphone users.
According to researchers from Palo Alto Networks Unit 42, these malware variants emerged alongside OpenAI's release of GPT-3.5, followed by GPT-4, infecting victims interested in using the ChatGPT tool.