Consider following on social media!
Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!
Eddie: I didn’t think that was going to put a virus on our computer.
Tara: You would’ve known that if you kept reading!
Photo by Alex Green, please support by following @pexel.com
It seems like the fun days of simping may be coming to a halt…well, at least for the moment. To touch base quickly, simping wasn’t good in the first place but now it’s gaining some additional problems.
As of late threat actors have found new and saucy ways to make the lonely men and women but mainly men of the internet pay for something more than just adult content.
We are going to look at what kind of attack threat actors are using, who has been using it, the functionality and effects upon its release, and some ways you can prevent this from being your final simping moment.
Photo by cottonbro studio, please support by following @pexel.com
The Attack
For all who are curious about the term “simping” or “simp” here is a brief overview to bring you to the cool kid’s club. A “simp” is someone who bends and folds to the will of someone they admire heavily. This is the toxic version of falling head over heels for someone.
The art of “simping” is giving your every waking moment to be around or interacting with that person. There’s nothing wrong if the feeling is mutual, however, in most if not all cases, the person the individual is simping for has no idea as to who they are. A real, don’t talk to me because I’m saving myself for my crush who doesn’t even know I exist situation.
The attack that fits this situation perfectly is called a Root Access Trojan or what’s more likely known as a RAT. And before you ask, yeah, your data and credentials are the cheese in this situation.
Photo by Karolina Grabowska, please support by following @pexel.com
Who Can It Be Now
No groups or individuals have been named at this point, but it has been made known that threat actors are taking the hot, bothered, and lonely for a ride with the lure of having a good time on OnlyFans.
If you have been living on the right side of the internet and are unfamiliar, then we’ll give a small overview of what OnlyFans is. OnlyFans is an adult website where you pay for a subscription to adult content from your favorite content creator. A campaign has been launched involving the RAT called “DcRAT”.
Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?
Tom: I heard you started an OnlyFans.
Ben: Uh…I did but I only post feet pics.
Tom: I subscribed already.
Ben: WAIT, WHAT!?
Photo by MART PRODUCTION, please support by following @pexel.com
The Sinking Feeling
However, this isn’t OnlyFans first rodeo when it comes to threat actors and their malicious means. Back in January of 2023, attackers had created a redirection link to a fake OnlyFans website.
In this new campaign, ZIP files containing a VBScript (this is the scripting language for Microsoft) loader to trick victims into running the executable program manually, this loader has been distributed offering the promise of accessing the premium adult content of OnlyFans.
The source of the infection is unknown, but ideas have suggested that it has made its rounds via malicious forums postings, malvertising via instant messages, and even black hat SEO (Search Engine Optimization)—this is the art of giving fake information to mislead the search engine and users to rank higher in search results.
The VBScript loader is slightly modified from its previous version found back in 2021’s campaign discovered by Splunk. In this version, the malware checks the architecture of the OS (Operating System) using a snapshot and spawns the 32-bit process required for the following steps.
It extracts the embedded DLL ((Dynamic Link Library)—this is a collection of small programs that larger programs can load when needed to complete a particular task) and registers the file with the Regsvr32.exe (this is the utility for the command line to register and unregister Object Linking and Embedding or OLE controls) command. This then grants the malware access to the DynamicWrapperX which is a tool that enables the calling functions from the Window’s API (Application Programming Interface) or to other files.
A payload named ‘BinaryData,’ is then loaded onto the memory and inserted into the ‘RegAsm.exe’ (this adds entries to the registry on the local computer) process, which is a legitimate part of the .NET Framework. This more likely allows the malware to bypass anti-virus tools.
Once embedded can perform keylogging, webcam monitoring, file manipulation, remote access, steal credentials, and cookies from the browser, or intercept tokens for Discord. It also has the function to target all files not a part of the system and appends its filename extension onto the encrypted files.
In a nutshell, once it’s in, it’s recording every move you make and no file on your computer is safe.
Photo by ALTEREDSNAPS, please support by following @pexel.com
The Prevention
Like the rest of us here, Z-Daddy is betting that you want to keep yourself and everything on your computer safe, there are some ways to help with that.
One way and this is the only way that security is a hundred percent guaranteed, is to stay on the right side of the internet and away from adult material. However, this is not a solution for most people, so another way is to practice extreme caution when downloading any files from third parties and unknown sources onto your computer.
This principle carries over to those situations where you’re being offered exclusive access to a good time at the low, low cost of nothing. Frequently saving your information on either a USB flash drive or external drive or other device that you could insert and detach from your computer could help as this will have your information saved in multiple locations versus being saved only on your machine.
Saving multiple copies of your information helps because if it’s found that one copy is infected, a scan can be done for the other backups and if they’re still good you could start from the last save point. To some, this may seem a bit of work but as professional simps will tell you; “Simping ain’t easy.”
Photo by Bruno Henrike, please support by following @pexel.com
Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.
Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.
Do you feel like there is something I may have missed on DcRAT? Script a comment below.
