The Computer Emergency Response Team of Ukraine has issued a warning about a new cyber campaign targeting defense sectors with the Dark Crystal RAT (DCRat). This campaign involves sending malicious messages via the Signal messaging app that appear to contain meeting minutes and are sent from compromised accounts. Using archive files that include a decoy PDF and the malware-launching executable DarkTortilla, the DCRat malware is activated, enabling attackers to control infected devices. CERT-UA attributes these attacks to a known threat cluster, UAC-0200, highlighting concerns over Signal's handling of cyber threats affecting Ukraine.
The use of popular messengers, both on mobile devices and on computers, significantly expands the attack surface, including due to the creation of uncontrolled information exchange channels.
With its inaction, Signal is helping Russians gather information, target our soldiers, and compromise government officials, said Serhii Demediuk, the deputy secretary of Ukraine's National Security and Defense Council.
Signal CEO Meredith Whittaker, however, has refuted the claim, stating we don't officially work with any gov, Ukraine or otherwise, and we never stopped.
DCRat facilitates the execution of arbitrary commands, steals valuable information, and establishes remote control over infected devices.
Collection
[
|
...
]