New Malware Campaign Unleashes DarkVision RAT via PureCrypter Loader

Cybersecurity researchers have uncovered a new malware campaign that uses the PureCrypter loader to deliver DarkVision RAT, a commodity remote access trojan with a broad range of malicious capabilities. First identified by Zscaler ThreatLabz in July 2024, the campaign employs a multi-stage attack process, establishes persistence on the infected host, and targets Windows systems. DarkVision RAT’s versatility, combined with its low cost, has made it a popular tool for cybercriminals.

  • PureCrypter Loader: Utilized to distribute DarkVision RAT, a remote access trojan with features like keylogging, remote access, password theft, and screen captures.
  • Multi-stage Attack: DarkVision RAT is delivered using PureCrypter, a .NET executable, and the Donut loader.
  • Persistence Mechanisms: The malware achieves persistence via scheduled tasks, autorun keys, and batch scripts in the Windows startup folder.
  • Malicious Capabilities: DarkVision RAT supports process injection, remote shell, clipboard manipulation, and cookie and password recovery from web browsers.
  • Availability: Priced as low as $60, DarkVision RAT is marketed to cybercriminals with little technical expertise.
  • New Malware Loader: Pronsis Loader has emerged, delivering Lumma Stealer and Latrodectus; it shares similarities with D3F@ck Loader.
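
A read-only audit of the three persistence locations named in the list above (scheduled tasks, autorun keys, batch scripts in the Startup folder), as an added example that is not from this page or the ThreatLabz report. The user-writable-path heuristic and the choice of Run keys are assumptions; the page gives no specific task, key or file names to match on.

```powershell
# Added example: lists persistence entries for manual review; it changes nothing.
# Assumption: entries launching from user-writable paths are the ones worth reviewing.
$userWritable = '\\AppData\\|\\ProgramData\\|\\Users\\Public\\|\\Temp\\|%(APPDATA|LOCALAPPDATA|TEMP|PUBLIC)%'

# 1. Batch scripts in the per-user and all-users Startup folders
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$startupHits = foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -File -Force |
            Where-Object { $_.Extension -in '.bat', '.cmd' } |
            ForEach-Object {
                [pscustomobject]@{ Type = 'StartupFolder'; Name = $_.Name
                                   Target = $_.FullName; Modified = $_.LastWriteTime }
            }
    }
}

# 2. Autorun (Run) key values that point into user-writable directories
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($value -match $userWritable) {
                [pscustomobject]@{ Type = 'RunKey'; Name = "$key\$name"
                                   Target = $value; Modified = $null }
            }
        }
    }
}

# 3. Scheduled tasks whose command line points into user-writable directories
$taskHits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Non-exec actions have no Execute/Arguments, so $cmd is blank and is skipped
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $userWritable) {
            [pscustomobject]@{ Type = 'ScheduledTask'; Name = "$($task.TaskPath)$($task.TaskName)"
                               Target = $cmd; Modified = $null }
        }
    }
}

@($startupHits) + @($runHits) + @($taskHits) | Where-Object { $_ } |
    Sort-Object Type, Name | Format-Table -AutoSize -Wrap
```

Legitimate software also starts from these locations, so each row is a lead to verify (signer, file hash, creation time), not a detection on its own.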

Net Protector's advanced cybersecurity products offer robust defense mechanisms against emerging threats like DarkVision RAT and PureCrypter. With features like real-time malware detection, behavioral analysis, and ransomware protection, Net Protector products provide comprehensive security to protect against remote access trojans, keyloggers, and other malicious activities. Enhance your system's defenses with Net Protector Endpoint Security for reliable and effective threat prevention.