Hackers attack govt, defense workers via Signal
The Government Computer Emergency Response Team of Ukraine (CERT-UA), which operates under the State Special Communications Service, warns of targeted cyberattacks against government officials, military personnel and representatives of Ukrainian defense enterprises.
"For their purposes, attackers use the DarkCrystal RAT malware, which is distributed through the Signal messenger popular among the military," the State Special Communications Service said on its Telegram channel on Tuesday.
To increase trust in such messages, the attackers may use a compromised account belonging to someone in the victim's contact list or shared groups, the message notes.
The message describes the attack pattern. First, the victim receives a message containing an archive, its password and a note saying the file must be opened on a computer. The archive contains an executable file with the extension ".pif" or ".exe," which is itself a RARSFX (self-extracting RAR) archive holding a VBE file, a BAT file, and an EXE file. Running these files infects the computer with the DarkCrystal RAT malware and gives the attackers covert, unauthorized access to it.
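A defender-side triage check for the dropper layout described above, as an added example that is not part of the CERT-UA notice or the original article: it flags ".pif"/".exe" files that are PE images carrying embedded RAR archive data. The function names and sample bytes are constructed for illustration, and the signature scan is a heuristic.

```python
from __future__ import annotations
from pathlib import Path

RAR_MARKER = b"Rar!\x1a\x07"   # shared prefix of the RAR4 and RAR5 signatures
LURE_EXTS = {".pif", ".exe"}   # extensions named in the attack description

def rar_offset(data: bytes) -> int:
    """Offset of RAR archive data inside an MZ/PE image, or -1 (heuristic)."""
    if data[:2] != b"MZ":                      # not a DOS/PE executable
        return -1
    pos = data.find(RAR_MARKER, 2)
    while pos != -1:
        tail = data[pos + 6:pos + 8]           # RAR4 ends in 00, RAR5 in 01 00
        if tail[:1] == b"\x00" or tail == b"\x01\x00":
            return pos
        pos = data.find(RAR_MARKER, pos + 1)
    return -1

def triage(name: str, data: bytes) -> list[str]:
    """Findings for one file; an empty list means nothing matched."""
    findings = []
    ext = Path(name).suffix.lower()
    if ext == ".pif" and data[:2] == b"MZ":
        findings.append("PE executable with .pif extension")
    off = rar_offset(data)
    if ext in LURE_EXTS and off != -1:
        # Legitimate installers are also built as RAR SFX: review, don't auto-block.
        findings.append(f"self-extracting RAR, archive data at offset {off}")
    return findings

def scan_dir(root: str) -> dict[str, list[str]]:
    """Triage every .pif/.exe under root (e.g. a folder of unpacked attachments)."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in LURE_EXTS:
            found = triage(path.name, path.read_bytes())
            if found:
                hits[str(path)] = found
    return hits

# Constructed samples: a fake stub followed by a RAR5 signature, and a plain stub.
SFX_SAMPLE = b"MZ" + b"\x90" * 62 + b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16
PLAIN_SAMPLE = b"MZ" + b"\x00" * 126

if __name__ == "__main__":
    print(triage("document.pif", SFX_SAMPLE))
    print(triage("setup.exe", PLAIN_SAMPLE))
```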
In this regard, the State Special Communications Service urges users to stay vigilant even if a message comes from friends, not to download or open suspicious files, to set up multi-factor authentication, and to contact CERT-UA.