Russian-speaking customers have been targeted in a new campaign aimed at distributing a commodity trojan known as DCRat (aka DarkCrystal RAT) using HTML smuggling.
This is the first time the malware has been propagated via this technique, which differs from past delivery channels such as hijacked or bogus websites, phishing emails with PDF attachments, or macro-laced Microsoft Excel documents.
“HTML smuggling is primarily a payload delivery mechanism,” Netskope researcher Nikhil Hegde stated in an analysis published last week. “The payload can be embedded within the HTML itself or retrieved from a remote resource.”
The HTML file, in turn, can be distributed through fraudulent websites or malspam operations. When the file is launched from the victim’s web browser, the hidden payload is decrypted and downloaded to the system. The assault subsequently relies on some form of social engineering to persuade the victim to open the malicious payload.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: