CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
Mar 20, 2025
Cybercrime / Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine.

The activity involves distributing malicious messages via the Signal messaging app that contain supposed meeting minutes. Some of these messages are sent from previously compromised Signal accounts so as to increase the likelihood of success of the attacks. The reports are shared in the form of archive files, which contain a decoy PDF and an executable, a .NET-based evasive crypter named DarkTortilla that decrypts and launches the DCRat malware.

DCRat, a well-documented remote access trojan (RAT), facilitates the execution of arbitrary commands, steals valuable information, and establishes remote control over infected devices. CE...
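
The delivery format described above, an archive carrying a decoy PDF next to an executable, can be triaged by file header rather than by file name. This is an added example, not code from CERT-UA or the article; it assumes the archive is a ZIP, and the function names and sample file names are constructed for illustration.

```python
import io
import zipfile

PE_MAGIC = b"MZ"      # DOS/PE header at the start of Windows executables
PDF_MAGIC = b"%PDF-"  # header at the start of PDF documents

def triage_archive(data: bytes) -> dict:
    """Classify ZIP members by magic bytes; flag a PDF shipped beside an executable."""
    found = {"executables": [], "documents": [], "unreadable": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as fh:
                    head = fh.read(8)
            except RuntimeError:
                # zipfile raises RuntimeError for password-protected members
                found["unreadable"].append(info.filename)
                continue
            if head.startswith(PE_MAGIC):
                found["executables"].append(info.filename)
            elif head.startswith(PDF_MAGIC):
                found["documents"].append(info.filename)
    # The pattern of interest: a readable document next to something that executes.
    found["suspicious"] = bool(found["executables"] and found["documents"])
    return found

def build_sample(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: inert byte strings that carry only the file-type headers.
LURE = build_sample({
    "minutes.pdf": b"%PDF-1.7\n% constructed decoy\n",
    "minutes_full.pdf.scr": b"MZ" + b"\x00" * 62,  # PE header behind a document-like name
})
BENIGN = build_sample({"minutes.pdf": b"%PDF-1.7\n% constructed\n"})

if __name__ == "__main__":
    print(triage_archive(LURE))
    print(triage_archive(BENIGN))
```

Members listed under `unreadable` could not be inspected and are best routed to manual review rather than treated as clean.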