Malicious Dark Crystal RAT Campaign Targets Ukraine’s Defense Sector

Vlad CONSTANTINESCU

March 21, 2025


Threat actors launched a new malicious campaign against organizations in Ukraine’s defense sector, spreading Dark Crystal malware.

Russian malware used against Ukraine

Ukraine’s Computer Emergency Threat Response Team (CERT-UA) announced earlier this week that threat actors have been spotted using a Russian-made remote access trojan (RAT) against targets in the country.

Dark Crystal (or DCRat) is a RAT allegedly favored by many novice hackers, but its design is capable enough to suit more experienced attackers as well. Seasoned threat actors can use custom plug-ins and the malware’s modular structure to adapt the RAT to their liking.

Threat group spreads malware through Signal

CERT-UA spotted the campaign earlier this month. The agency says the threat group, tracked as UAC-0200, has been targeting individuals in Ukraine’s Defense Forces and employees of defense-industrial organizations. The perpetrators reportedly send rogue messages carrying archives over Signal to spread the malware.

“Typically, the mentioned archives contain a file with the extension ".pdf", as well as an executable file classified as DarkTortilla, which is a cryptor/loader type software tool, the purpose of which is to decrypt and launch (including by injection) the Dark Crystal RAT (DCRAT) remote control software tool,” reads the CERT-UA security advisory.
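A defender-side triage check for the archive layout CERT-UA describes (a ".pdf" file next to an executable), added here as an illustrative example and not taken from the advisory or from any vendor tooling. It assumes ZIP archives; the executable-extension list, the MZ header check and the sample file names are assumptions constructed for the example.

```python
import io
import zipfile

DOC_EXT = {".pdf"}                          # decoy type named in the advisory
EXE_EXT = {".exe", ".scr", ".com", ".pif"}  # assumption: not listed on the page

def triage_archive(data: bytes) -> dict:
    """Report whether a ZIP pairs a .pdf with an executable member."""
    docs, exes = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
            magic = b""
            if not info.flag_bits & 0x1:    # encrypted members cannot be read
                with zf.open(info) as fh:
                    magic = fh.read(2)
            # "MZ" marks a Windows PE file whatever the extension says
            if magic == b"MZ" or ext in EXE_EXT:
                exes.append(info.filename)
            elif ext in DOC_EXT:
                docs.append(info.filename)
    return {"documents": docs, "executables": exes,
            "suspicious": bool(docs and exes)}

def build_sample(members: dict) -> bytes:
    """Build an in-memory ZIP from constructed member names and bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples (placeholder names and bytes, no real malware content)
PDF = b"%PDF-1.7\n"
LURE = build_sample({"order.pdf": PDF, "viewer.exe": b"MZ\x90\x00"})
RENAMED = build_sample({"order.pdf": PDF, "annex.dat": b"MZ\x90\x00"})
BENIGN = build_sample({"order.pdf": PDF, "notes.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, triage_archive(blob))
```

The header check catches an executable whose extension has been changed, which an extension-only filter would pass.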

DCRat and its devastating capabilities

Despite being preferred by so-called “script kiddies,” DCRat is a competent, destructive tool that can wreak havoc on compromised machines.

It serves numerous malicious purposes, including:

  • Monitoring: Threat actors can use DCRat to perform surveillance tasks and exfiltrate data from compromised devices
  • Recon: The RAT lets attackers gather information about the host device and its network
  • Data theft: Perpetrators can steal sensitive data from infected machines
  • Remote code execution: Attackers can run arbitrary code on compromised devices in several programming languages
  • DDoS attacks: DCRat can weaponize infected machines in distributed denial of service (DDoS) attacks against other targets
  • Remote control: Threat actors can exploit DCRat’s capabilities to take over infected devices entirely

Safeguarding against RATs and other threats

RATs are among the most destructive strains of malware in the cyber landscape. Dedicated software like Bitdefender Ultimate Security can help protect your devices against them and similar threats, including viruses, zero-day exploits, worms, rootkits, ransomware, and spyware.

Key features include comprehensive, continuous monitoring and protection, network threat prevention, behavioral detection for active apps, multi-layer ransomware protection, web attack prevention, and AI-powered scam detection.
