Cybercriminals Utilize Malware to Obtain Personal Information Through Imitation of OnlyFans Content
A malware campaign is using counterfeit OnlyFans material and adult-themed lures to install the remote access trojan ‘DcRAT’ on targets’ devices, with the intention of stealing their data and login information or deploying ransomware on the compromised device.
OnlyFans is a content subscription service where paid subscribers can access private photos, videos and messages from adult models, celebrities and social media personalities.
According to BleepingComputer, the campaign, discovered by eSentire, has been active since January 2023. It distributes ZIP files containing a VBScript loader that the victim is tricked into running manually, believing it will give them access to premium OnlyFans collections.
The initial infection vector is unknown, but it may be malicious forum posts, instant messages, malicious ads, or even black hat SEO sites that rank high for certain search terms.
According to the report, DcRAT is capable of keylogging, webcam monitoring, file manipulation and remote access, and it can steal web browser credentials and cookies as well as Discord credentials.
DcRAT also includes a ransomware extension that targets all non-system files and appends the “.DcRat” file extension to encrypted files.
Meanwhile, researchers have discovered a flood of malware written for the Android platform that attempts to mimic the popular AI chatbot ChatGPT to target smartphone users.
According to Palo Alto Networks Unit 42 researchers, these malware variants emerged in conjunction with the release of OpenAI’s GPT-3.5, followed by GPT-4, infecting victims interested in using the ChatGPT tool.