Hackers Drop Malware Through Fake OnlyFans Content To Steal Data: Report

False OnlyFans material and pornographic lures are being distributed by malware campaigns in an effort to install the remote access trojan ‘DcRAT’ on victims’ devices in order to steal data and login credentials or to infect the victim’s device with ransomware.

Paid customers to the content subscription service OnlyFans get access to exclusive images, videos, and postings from adult models, famous people, and online personalities.

The current effort, identified by eSentire, has reportedly been in operation since January 2023. It spreads ZIP files containing a VBScript loader, which the user is misled into manually running under the impression that they are going to access premium OnlyFans collections, according to BleepingComputer.

Unknown infection sources include malicious forum postings, instant messaging, malvertising, and even black SEO websites that score well for certain search phrases.

According to the research, DcRAT is also capable of keylogging, camera surveillance, file modification, remote access, and the theft of Discord tokens in addition to collecting web browser cookies and user passwords.

Additionally, DcRAT comes with a ransomware plugin that targets all non-system files and terminates all encrypted files with “.DcRat”.

In the meanwhile, researchers have seen an increase in malware designed for the Android operating system that aims to fool smartphone users into thinking they are using the well-known AI chatbot ChatGPT program.

These malware versions, which infected people who were interested in utilizing the ChatGPT tool, arose concurrently with the publication by OpenAI of GPT-3.5 and GPT-4, according to researchers from Palo Alto Networks Unit 42.