Indo Guard Online

Global Security
A new malware campaign uses the PureCrypter loader to deliver the DarkVision RAT

By Admin, October 15, 2024, 3 min read

October 15, 2024 | Ravi Lakshmanan | Malware / cybercrime
Cybersecurity researchers have uncovered a new malware campaign that uses a malware loader called PureCrypter to deliver a remote access trojan (RAT) known as DarkVision RAT.

The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload.

“DarkVision RAT communicates with its command-and-control (C2) server using a custom network protocol over sockets,” security researcher Muhammad Irfan V A said in an analysis.

“DarkVision RAT supports a wide range of commands and plugins that provide additional capabilities such as keylogging, remote access, password theft, audio recording, and screen capture.”

PureCrypter, first publicly documented in 2022, is an off-the-shelf, subscription-based malware loader that offers customers the ability to distribute information stealers, RATs, and ransomware.

The exact initial access vector used to deliver PureCrypter, and by extension DarkVision RAT, is not entirely clear, although it leads to a .NET executable that decrypts and executes the open-source Donut loader.

Donut then runs PureCrypter, which ultimately unpacks and loads DarkVision RAT, while also setting up persistence and adding the file paths and process names used by the RAT to the Microsoft Defender Antivirus exclusion list.

Persistence is achieved by creating scheduled tasks through the ITaskService COM interface, adding autorun registry keys, and writing a batch script that contains the command to launch the RAT executable, with a shortcut to that batch script placed in the Windows Startup folder.
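The chain described in the two paragraphs above (Defender exclusions for the RAT's paths and process names, Run keys, a scheduled task created through ITaskService, and a Startup-folder shortcut to a batch launcher) leaves artifacts that an incident responder can enumerate directly on the host. The PowerShell triage script below is an added example written for this page; it is not code from the article, from Zscaler, or from the malware. It assumes an elevated PowerShell 5.1+ session and only the interfaces that ship with Windows (Get-MpPreference, the ScheduledTasks module, and the WScript.Shell COM object); the "user-writable path" regex is a heuristic of this example, not an indicator from the report.

```powershell
# Added example (not from the article, Zscaler, or the malware): enumerate the autostart
# and Defender-exclusion artifacts a PureCrypter/DarkVision-style infection would leave.
# Run from an elevated prompt: Get-MpPreference and HKLM Run keys need local admin rights.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Value)
    $findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Value = $Value; Excluded = $false })
}

# 1. Microsoft Defender exclusions. Admins rarely exclude a bare process name or a path
#    under a user profile, so these are reviewed first.
$mp = Get-MpPreference
foreach ($p in (@($mp.ExclusionPath)    | Where-Object { $_ })) { Add-Finding 'Defender ExclusionPath'    '' $p }
foreach ($p in (@($mp.ExclusionProcess) | Where-Object { $_ })) { Add-Finding 'Defender ExclusionProcess' '' $p }

# 2. Autorun registry keys (Run / RunOnce under HKLM and HKCU).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        # Skip the provider metadata properties (PSPath, PSChildName, ...)
        if ($name -notmatch '^PS') { Add-Finding "Run key $key" $name ([string]$props.$name) }
    }
}

# 3. Startup-folder shortcuts, resolved to their targets. A .lnk that points at a .bat/.cmd
#    which in turn launches an .exe is exactly the chain the article describes.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        Add-Finding 'Startup .lnk' $_.Name ("$($lnk.TargetPath) $($lnk.Arguments)").Trim()
        if ($lnk.TargetPath -match '\.(bat|cmd)$' -and (Test-Path $lnk.TargetPath)) {
            # Pull every executable path referenced inside the batch file body.
            Get-Content -Path $lnk.TargetPath |
                Select-String -Pattern '[A-Za-z]:\\[^"\s]+\.exe' -AllMatches |
                ForEach-Object { $_.Matches } |
                ForEach-Object { Add-Finding 'Batch launches' $lnk.TargetPath $_.Value }
        }
    }
}

# 4. Scheduled tasks whose action runs from a user-writable location (heuristic).
$userWritable = '(?i)\\(Users|ProgramData|Temp)\\'
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = ("$($action.Execute) $($action.Arguments)").Trim()
        if ($action.Execute -and $cmd -match $userWritable) {
            Add-Finding 'Scheduled task' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 5. Cross-reference: an autostart entry whose executable is ALSO on the Defender exclusion
#    list matches the tradecraft in the report and deserves immediate attention.
$exclusions = @($mp.ExclusionPath) + @($mp.ExclusionProcess) | Where-Object { $_ }
foreach ($f in $findings) {
    if ($f.Source -like 'Defender*') { continue }
    foreach ($ex in $exclusions) {
        if ($f.Value -and ($f.Value.IndexOf($ex, [StringComparison]::OrdinalIgnoreCase) -ge 0 -or
                           $ex.IndexOf($f.Value, [StringComparison]::OrdinalIgnoreCase) -ge 0)) {
            $f.Excluded = $true
        }
    }
}

$findings | Sort-Object Excluded -Descending | Format-Table -AutoSize -Wrap
```

The script carries no indicators from this campaign (the page lists none); it surfaces the generic pattern instead: an autostart entry whose executable also appears in the exclusion list. Rows with Excluded = True are the ones to pull first. Since Defender exclusions can only be changed with administrative rights, an exclusion that names the RAT's path or process also tells you the loader ran elevated on that host.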

The RAT, which first surfaced in 2020, is advertised on a clearnet website for a one-time payment of just $60, an attractive proposition for threat actors and novice cybercriminals with little technical knowledge who want to launch their own attacks.

Developed in C++ and assembly (ASM) for “optimal performance,” the RAT comes with a wide range of features covering process injection, a remote shell, a reverse proxy, clipboard manipulation, keylogging, screenshot capture, and cookie and password recovery from web browsers, among other things.

It is also designed to collect system information and fetch additional plugins from the C2 server, further expanding its functionality and giving operators full control over an infected Windows host.

“DarkVision RAT is a powerful and versatile cybercriminal tool that offers a wide range of malicious capabilities, from keylogging and screen capture to password theft and remote execution,” said Zscaler.

“This versatility, combined with its low cost and availability on hacker forums and its website, has made DarkVision RAT increasingly popular among attackers.”
