The Cyble Research and Intelligence Labs (CRIL) has detected a phishing website impersonating the popular Russian site CryptoPro CSP.
Threat actors were using this website to distribute the DarkWatchman malware. DarkWatchman was first detected in 2021, and it primarily targeted users in Russia.
The DarkWatchman RAT grants attackers unauthorized access to a victim’s system. This illicit access allows attackers to control the infected device and steal valuable information remotely.
It possesses several malicious capabilities, including:
It is worth mentioning that DarkWatchman has a clever method of avoiding detection. Instead of writing the stolen data to the system’s disk, the malware stores it in the registry.
This reduces the chance of detection by AV tools, which typically scan files on disk, and makes the attacker’s activity harder to discover.
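Because the registry is where this stash ends up, a defender can look there rather than on disk. The following is an added example, not code from Cyble or from the article: a small Python script that parses a subset of the Windows .reg export format and flags values that are unusually large or have near-random (compressed or encrypted) content. The size and entropy thresholds, the key names, and the embedded sample export are all constructed for the example; real DarkWatchman key names or value formats are not claimed here.

```python
from __future__ import annotations

import hashlib
import math
import re
from collections import Counter
from dataclasses import dataclass

# Thresholds are assumptions chosen for this example, not values from the report.
SIZE_THRESHOLD = 2048      # bytes: ordinary registry values are small
ENTROPY_THRESHOLD = 7.0    # bits/byte: compressed or encrypted data sits near 8.0
MIN_ENTROPY_SAMPLE = 256   # entropy is meaningless on very short values


@dataclass
class RegValue:
    key: str
    name: str
    kind: str      # "sz" (string) or "hex" (binary)
    data: bytes


def parse_reg_export(text: str) -> list[RegValue]:
    """Parse a minimal subset of .reg files: [key] headers, "name"="string"
    values and "name"=hex:aa,bb,... values with backslash line continuations."""
    # A trailing backslash continues a hex list on the next line; join those first.
    joined = re.sub(r"\\\r?\n\s*", "", text)
    values: list[RegValue] = []
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(?:"([^"]*)"|@)=(.*)$', line)
        if not m or key is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        raw = m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            values.append(RegValue(key, name, "sz", raw[1:-1].encode("utf-8")))
        elif raw.lower().startswith("hex"):
            hexpart = raw.split(":", 1)[1]
            data = bytes(int(h, 16) for h in hexpart.split(",") if h.strip())
            values.append(RegValue(key, name, "hex", data))
    return values


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-symbol data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_suspicious(values: list[RegValue]) -> list[tuple[str, str, list[str]]]:
    """Return (key, value name, reasons) for values that look like stashed payloads."""
    findings = []
    for v in values:
        reasons = []
        if len(v.data) >= SIZE_THRESHOLD:
            reasons.append(f"large payload ({len(v.data)} bytes)")
        if len(v.data) >= MIN_ENTROPY_SAMPLE:
            h = shannon_entropy(v.data)
            if h >= ENTROPY_THRESHOLD:
                reasons.append(f"high entropy ({h:.2f} bits/byte)")
        if reasons:
            findings.append((v.key, v.name, reasons))
    return findings


def build_sample_export() -> str:
    """Constructed .reg text: a benign Run entry, a tiny setting, and one oversized
    high-entropy blob of the kind a registry-resident data stash would produce."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(100))  # 3200 bytes
    rows = [",".join(f"{b:02x}" for b in blob[i:i + 25]) for i in range(0, len(blob), 25)]
    hex_value = ",\\\n  ".join(rows)  # .reg-style continuation lines
    return (
        "Windows Registry Editor Version 5.00\n\n"
        "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
        '"OneDrive"="C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive.exe /background"\n\n'
        "[HKEY_CURRENT_USER\\Software\\ExampleVendor\\Cache]\n"   # hypothetical key
        '"Settings"="1"\n'
        f'"blob"=hex:{hex_value}\n'
    )


if __name__ == "__main__":
    for key, name, reasons in flag_suspicious(parse_reg_export(build_sample_export())):
        print(f"{key}\\{name}: " + "; ".join(reasons))
```

On a real host you would feed the script the output of `reg export HKCU\Software out.reg` (or the equivalent for HKLM) and review the flagged values by hand, since legitimate software also stores binary blobs; the point of the heuristic is to surface candidates, not to convict them.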
The following website employs a phishing tactic to trick unsuspecting users:-
When users visit the site, they are prompted to download a malicious file named “CSPSetup.rar.” To extract its contents, the user must enter a password that is provided together with the file.
Once extracted, the malicious archive contains two files:-
DarkWatchman malware gets installed on the victim’s system when CSPSetup.exe is executed.
When Cyble’s analysts examined the archive’s contents, they found that it also includes a readme.txt file written in Russian. The file indicates that the malware has mainly been designed to target Russian users.
On the victim’s system, the script gathers the global variables it needs and the user’s permission information, then begins installing the RAT.
Following are the actions that are carried out by the script:-
Here below, we have mentioned the recommendations offered by the security researchers:-