Hackers use fake OnlyFans pics to drop info-stealing malware

According to Bleeping Computer, a malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as ‘DcRAT,’ allowing threat actors to steal data and credentials or deploy ransomware on the infected device.

The new campaign discovered by eSentire has been underway since January 2023, spreading ZIP files that contain a VBScript loader the victim is tricked into executing manually, thinking they’re about to access premium OnlyFans collections. The infection chain is unknown, but it might be malicious forum posts, instant messages, malvertising, or even Black SEO sites that rank high in specific search terms. A sample shared by Eclypsium pretends to be nude photos of former adult film actress Mia Khalifa.
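A defensive check for the delivery format described above, as an added example that is not code from eSentire, Eclypsium or the original article: it lists the members of a ZIP archive and flags Windows script files before anyone opens them. The extension lists, the media double-extension heuristic and the sample archive are assumptions constructed for illustration and are not taken from the report.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that run via Windows Script Host or the shell on double-click (assumed list).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".ps1"}
# Extensions a "photo collection" lure would be expected to contain (assumed list).
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov"}


def triage_zip(data: bytes) -> list:
    """Return one finding per archive member that is a script file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # ZIP member names always use forward slashes.
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
                continue
            findings.append({
                "member": info.filename,
                "type": suffixes[-1],
                # "set.jpg.vbs" displays as "set.jpg" when Explorer hides known extensions.
                "double_extension": len(suffixes) > 1 and suffixes[-2] in MEDIA_EXTS,
                "size": info.file_size,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; every member is inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("collection/readme.txt", "placeholder")
        zf.writestr("collection/preview.jpg", "not a real image")
        zf.writestr("collection/premium_set.jpg.vbs", "' inert placeholder")
        zf.writestr("collection/open_me.vbs", "' inert placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

The same check can run at a mail or web gateway, or over a downloads folder, to quarantine archives that carry script members where only media files are expected.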

The huge popularity of OnlyFans unfortunately also draws huge attention from threat actors wanting to exploit innocent users. Unlike standard phishing emails, which focus on specific data such as access credentials, these attackers deploy info-stealing malware and can therefore obtain almost any of the victim’s information. Cybercriminals often abuse well-known brands in their malicious activities because of the immediate and significant recognition and trust that these brands carry.

By leveraging the reputation and authority associated with these brands, cybercriminals can increase the chances of victims falling for their scams or willingly providing sensitive information. Furthermore, popular brands typically have a large customer base, making them potentially lucrative targets. By targeting OnlyFans, cybercriminals can potentially reach a significant number of individuals and increase the impact and success rate of their attacks.

