1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Fake OnlyFans content is luring users into installing malware

    From TechnologyDaily@1337:1/100 to All on Wed Jun 21 14:30:03 2023
    Fake OnlyFans content is luring users into installing malware

    Date:
    Wed, 21 Jun 2023 13:01:25 +0000

    Description:
    A dangerous RAT could infect victims and cause all sorts of problems for OnlyFans users.

    FULL STORY ======================================================================

    Adult-oriented subscription service OnlyFans has been hit with a new malware campaign that sees fake content being used to infect users' devices with a Remote Access Trojan (RAT).

    Security firm eSentire discovered the operation, which has been ongoing since the start of this year. ZIP files are distributed that contain a VBScript loader that users unwittingly activate when they think they are getting
    access to premium OnlyFans content.

    It is not known exactly what the initial attack vector is that lures victims, but there are suggestions that it could be forum posts, instant messages, malvertising links or Black SEO sites that rank near the top of search
    results for certain terms. DcRAT

    The OnlyFans brand has been used before by threat actors, including in
    January 2023, where hackers abused an open redirect link on an official UK government website to direct users to a fake version of the site.

    In this new campaign, the payload has been dubbed DcRAT, which is a modified version of the freely available AsyncRAT on GitHub, although the author has since abandoned after it was being abused. read more

    Beware - another dangerous Android malware has had millions of downloads
    from the Google Play Store



    This new Android trojan is targeting all your mobile bank accounts



    PlugRAT Trojan disguises itself as Microsoft debugger to slip past your
    antivirus

    When the VBScript loader is activated, it extracts and registers 'dynwrapx.dll', which grants access to the DynamicWrapperX, which in turn enables calling functions from the Windows API and other DLLs.

    Something called 'BinaryData' is then loaded into 'RegAsm.exe', a legitimate process part of the .NET Framework, meaning it is less likely to be flagged
    by antivirus software . This is what delivers the DcRAT.

    DcRAT can then perform various malicious actions, including keylogging, monitoring webcams, manipulating files, stealing credentials and browser cookies, and remotely accessing your device.

    It also contains a ransomware plugin that affects all non-system files and encrypts them with the .DcRAT file extension, making them inaccessible to the user without the decryption key, which the threat actors will hold you to ransom for. Get yourself the best firewall to protect against threats



    ======================================================================
    Link to news story: https://www.techradar.com/pro/fake-onlyfans-content-is-luring-users-into-insta lling-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)