Indo Guard Online
Global Security

A new malware campaign uses the PureCrypter loader to deliver the DarkVision RAT

By Admin, October 15, 2024


October 15, 2024Ravi LakshmananMalware / cybercrime

DarkVision RAT

Cybersecurity researchers have uncovered a new malware campaign that uses a malware loader called PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT.

The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload.

“DarkVision RAT communicates with its command-and-control server (C2) using a custom network protocol over sockets,” security researcher Muhammad Irfan V A said in the analysis.

“DarkVision RAT supports a wide range of commands and plugins that provide additional capabilities such as keylogging, remote access, password theft, audio recording, and screen capture.”


PureCrypter, first publicly documented in 2022, is an off-the-shelf, subscription-based malware loader that lets its customers distribute information stealers, RATs, and ransomware.

The exact initial access vector used to deliver PureCrypter, and by extension DarkVision RAT, is not yet clear, but it leads to a .NET executable that decrypts and executes the open-source Donut loader.

The Donut loader in turn runs PureCrypter, which ultimately unpacks and loads DarkVision while also setting up persistence and adding the file paths and process names used by the RAT to the Microsoft Defender Antivirus exclusion list.


Persistence is achieved by creating scheduled tasks through the ITaskService COM interface, by adding autorun registry keys, and by creating a batch script that contains the command to launch the RAT executable, with a shortcut to that batch script placed in the Windows Startup folder.
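The two preceding paragraphs describe three persistence mechanisms (scheduled tasks, Run keys, a Startup-folder shortcut to a batch launcher) plus one defence-evasion step (Defender exclusions). The triage script below is an added example for responders, not code from Zscaler's analysis or from the article, and it carries no indicators from this campaign: it simply enumerates each of those locations on a Windows host and flags entries that launch from user-writable directories, which is where a loader dropped under a user's profile would normally live. The list of "suspicious" roots (APPDATA, LOCALAPPDATA, TEMP, PUBLIC) is an assumption chosen for illustration; tune it to your environment. Run it in an elevated PowerShell session.

```powershell
# Added triage script (not part of the Zscaler report): enumerate the persistence
# and Defender-exclusion locations a loader such as the one described would touch.
# $SuspiciousRoots is an assumption for illustration, not an indicator list.
$SuspiciousRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC)

function Test-SuspiciousPath {
    # True when the (de-quoted, env-expanded) path sits under a user-writable root.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($Path.Trim().Trim('"'))
    foreach ($root in $SuspiciousRoots) {
        if ($root -and $p.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Format-Flag([string]$Value) {
    if (Test-SuspiciousPath $Value) { '  <-- user-writable location' } else { '' }
}

# 1. Defender exclusions: the loader adds the RAT's paths and process names here.
Write-Host '== Microsoft Defender exclusions =='
$pref = Get-MpPreference
$pref.ExclusionPath    | Where-Object { $_ } | ForEach-Object { Write-Host ("  Path    : {0}{1}" -f $_, (Format-Flag $_)) }
$pref.ExclusionProcess | Where-Object { $_ } | ForEach-Object { Write-Host ("  Process : {0}{1}" -f $_, (Format-Flag $_)) }

# 2. Autorun registry keys (HKCU and HKLM Run / RunOnce).
Write-Host '== Run / RunOnce keys =='
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -match '^PS') { continue }   # skip PowerShell's provider metadata
        $cmd = [string]$prop.Value
        Write-Host ("  {0}\{1} = {2}{3}" -f $key, $prop.Name, $cmd, (Format-Flag $cmd))
    }
}

# 3. Scheduled tasks (what ITaskService creates) whose action executes from a user-writable path.
Write-Host '== Scheduled tasks launching from user-writable paths =='
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        # COM-handler actions have no Execute property; only exec actions are checked.
        if ($a.Execute -and (Test-SuspiciousPath $a.Execute)) {
            Write-Host ("  {0}{1} -> {2} {3}" -f $task.TaskPath, $task.TaskName, $a.Execute, $a.Arguments)
        }
    }
}

# 4. Startup-folder shortcuts whose target is a batch script (the RAT's launcher pattern).
Write-Host '== Startup-folder shortcuts targeting .bat/.cmd files =='
$shell = New-Object -ComObject WScript.Shell
$startupFolders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($folder in $startupFolders) {
    Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -match '\.(bat|cmd)$') {
            Write-Host ("  {0} -> {1}{2}" -f $_.FullName, $target, (Format-Flag $target))
        }
    }
}
```

A clean workstation typically prints nothing under sections 3 and 4 and only administrator-added paths under section 1; a Defender exclusion for a path under AppData, a Run value or scheduled task executing from %TEMP%, or a Startup shortcut that resolves to a .bat file each deserve a closer look at the referenced file and its parent process in your EDR telemetry.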

The RAT, which first surfaced in 2020, is advertised on a clearnet website for a one-time payment of just $60, an attractive proposition for threat actors and novice cybercriminals with little technical knowledge who want to launch their own attacks.

Developed in C++ and assembly (aka ASM) for “optimal performance”, the RAT comes with a wide range of features that allow for process injection, remote shell, reverse proxy, clipboard manipulation, keylogging, screenshot capture, and cookie and password recovery from web browsers, among other things.


It is also designed to gather system information and retrieve additional plugins sent from the C2 server, further expanding its functionality and giving operators full control over an infected Windows host.

“DarkVision RAT is a powerful and versatile cybercriminal tool that offers a wide range of malicious capabilities, from keylogging and screen capture to password theft and remote execution,” said Zscaler.

“This versatility, combined with its low cost and availability on hacker forums and its own website, has made DarkVision RAT increasingly popular among attackers.”
