TLC was Right About Your Boss

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

women sat in bed taking note.
I probably should check to see if there’s anything new on Scriptingthewhy before I login for work.
Photo by Ivan Samkov, please support by following @pexel.com

Here you are sitting in front of your computer, thinking to yourself, “You know, today is the perfect day to go on some unnamed sites.” That was a joke; no one ever thinks that. In fact, most people rarely think to stray from their daily norms.

You get up out of bed, grab a cup of coffee, say hi to the cohabitator or fellow inhabitants, and then move on to go about your day online. This may be the case if you work from home, but for the rest of the world, it’s sitting in morning traffic and questioning the meaning of life while simulating The Belko Experiment in our heads.

Have you ever logged out after spending some time online and called it a day, but felt like something was a little off? That feeling could come from that random download you didn’t care to stop. In case you thought that couldn’t be the case, let me explain how.

man sitting holding a book at desk smiling.
Sarah’s working from home today? Oh yeah, it is Double-Cheeked up Thursday.
Photo by Andrea Piacquadio, please support by following @pexel.com

R.A.T Vs Rat

What is this file that is taking up residence on your computer? Well, you may have a rat in your midst. No, not the cute rodent that most people find disgusting because their cousins are often found running the subways of New York.

A side note: they are actually clean animals; they just don’t get a fair shake. Us silly humans, we’re always fearing what we don’t understand. You may have a Remote Access Trojan (R.A.T). This is a type of malware that finds its way into your computer, where it can perform surveillance and gain unauthorized access to your personal computer (PC).

RATs can behave like keylogger applications, automatically collecting information such as keystrokes, usernames and passwords, browser history, and emails, to mention a few.

They differ from keyloggers, however, in that RATs give the attacker unauthorized remote access to your PC. So imagine your boss, who has a crush on you and is really good with computers: since you may be working from home, they somehow take control of your computer, flip on the webcam, and there you have it. You may not want to be walking around in your lounge clothes double-cheeked up when you’re supposed to be in work attire is all I’m saying.

Another lovely surprise is that a backdoor is left open for the attacker to come and go as they please without you ever noticing. This can lead to changing the behavior of the machine, browsing and copying files, and using your internet connection to perform some good old illegal activities.

man using binoculars to see.
This was the webcam before the internet. Yup, Sarah is working from home today. #IWantAPoundCake
Photo by Andrea Piacquadio, please support by following @pexel.com

Hacking Motives

You may be thinking to yourself saying “This is nuts! Who would do such a thing?” Aside from your crushing hard-on-you creep boss, hackers – who could be anyone, they don’t look any particular way – would resort to using this tactic to get information for a wide array of reasons.

Scenarios could include collecting your information and either selling it or using it for blackmail or some other type of extortion, installing more malware, or a combination of all the above.

What are some motives that would cause one to do this? Well, in most cases it has to do with people wanting money; it kind of makes the world go round, you know. And in other cases, in the words of Bag-Head (I know that’s not his name but I’m calling him that anyway) from the movie The Strangers, it’s because you were home. This is said because there are some instances where an attack takes place simply because it was able to.

businessman sat at laptop thinking to himself.
Sarah is inspiring me to get a mail-order bride. $200? I don’t know, that’s a bit expensive.
Photo by Sora Shimazaki, please support by following @pexel.com

Phishing for Mail-Order

You may now be thinking to yourself, “How do I stop something like this from happening to me?” I don’t know what age you are while reading this, but I grew up in the era when your parents, informing you that they were leaving soon and that you were in charge of the house, would firmly say, “If someone is at the door and it’s not us, don’t open the door.”

That very saying still holds true: spear-phishing is one technique used in this attack. Any emails, website links, and redirects to download files or software received from unknown parties should be reported and removed immediately. Using anti-virus and anti-malware software will aid in making sure the RAT isn’t able to work properly and assist in halting the collection of any information.

If a computer is infected and is linked to other computers, you should assume that all personal information has been compromised and immediately change login information from a clean computer. Following this, credit cards and all financial activities should be monitored in the following months to catch any shady activity.

If you’re at work and find this has happened, get in contact with the system administrator and inform them of the potential threat. A well-known fact is that companies get hit due to complacency when checking emails. Yes, while a mail-order bride doesn’t sound like a bad idea, the potential risk of having your identity stolen or, worse, having the company’s PC corrupted could see you in line with hitting an iceberg.

two people talking in a modern workspace.
Ben: So… that link you sent me. I purchased a mail-order bride. We’re good with that, right?
Sarah: I never sent you a link. Wait, you bought what now!?
Photo by Sora Shimazaki, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

I would like to give sincere thanks to current followers and subscribers; your support and actions mean a lot and play a part in the creation of each script.

Have you ever experienced a RAT attack? Script a comment about it below.

OnlyFans & Simping Disabled


Tara: You subscribed to her OnlyFans but you didn’t sub to Scriptingthewhy.
Eddie: I didn’t think that was going to put a virus on our computer.
Tara: You would’ve known that if you kept reading!
Photo by Alex Green, please support by following @pexel.com

It seems like the fun days of simping may be coming to a halt…well, at least for the moment. To touch base quickly, simping wasn’t good in the first place but now it’s gaining some additional problems.

As of late, threat actors have found new and saucy ways to make the lonely men and women (but mainly men) of the internet pay for something more than just adult content.

We are going to look at what kind of attack threat actors are using, who has been using it, the functionality and effects upon its release, and some ways you can prevent this from being your final simping moment.

When is she going to be back online? I need to see her pureness.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

For all who are curious about the term “simping” or “simp”, here is a brief overview to bring you into the cool kids’ club. A “simp” is someone who bends and folds to the will of someone they admire heavily. This is the toxic version of falling head over heels for someone.

The art of “simping” is giving your every waking moment to being around or interacting with that person. There’s nothing wrong if the feeling is mutual; however, in most if not all cases, the person the individual is simping for has no idea who they are. A real “don’t talk to me because I’m saving myself for my crush who doesn’t even know I exist” situation.

The attack that fits this situation perfectly is called a Remote Access Trojan, more commonly known as a RAT. And before you ask, yeah, your data and credentials are the cheese in this situation.

That’s right, click here for free nudes. The lonely make great cash cows.
Photo by Karolina Grabowska, please support by following @pexel.com

Who Can It Be Now

No groups or individuals have been named at this point, but it has been made known that threat actors are taking the hot, bothered, and lonely for a ride with the lure of having a good time on OnlyFans.

If you have been living on the right side of the internet and are unfamiliar, then we’ll give a small overview of what OnlyFans is. OnlyFans is an adult website where you pay for a subscription to adult content from your favorite content creator. A campaign has been launched involving the RAT called “DcRAT”.


Ben: The attack began here.
Tom: I heard you started an OnlyFans.
Ben: Uh…I did but I only post feet pics.
Tom: I subscribed already.
Ben: WAIT, WHAT!?
Photo by MART PRODUCTION, please support by following @pexel.com

The Sinking Feeling

However, this isn’t OnlyFans’ first rodeo when it comes to threat actors and their malicious means. Back in January of 2023, attackers created a redirection link to a fake OnlyFans website.

In this new campaign, ZIP files containing a VBScript loader (VBScript is a Microsoft scripting language) are distributed with the promise of access to premium OnlyFans adult content, tricking victims into running the loader manually.

The source of the infection is unknown, but it has been suggested that it made its rounds via malicious forum postings, malvertising via instant messages, and even black hat SEO (Search Engine Optimization), which is the art of giving fake information to mislead the search engine and users in order to rank higher in search results.

The VBScript loader is slightly modified from the previous version seen in a 2021 campaign discovered by Splunk. In this version, the malware checks the architecture of the OS (Operating System) using a snapshot and spawns the 32-bit process required for the following steps.

It extracts the embedded DLL (Dynamic Link Library, a collection of small programs that larger programs can load when needed to complete a particular task) and registers the file with the Regsvr32.exe command (the command-line utility for registering and unregistering Object Linking and Embedding, or OLE, controls). This grants the malware access to DynamicWrapperX, a tool that enables calling functions from the Windows API (Application Programming Interface) or other files.

A payload named ‘BinaryData’ is then loaded into memory and injected into the ‘RegAsm.exe’ process (RegAsm.exe adds entries to the registry on the local computer), which is a legitimate part of the .NET Framework. This makes it more likely that the malware bypasses anti-virus tools.

Once embedded, it can perform keylogging, webcam monitoring, file manipulation, and remote access, steal credentials and cookies from the browser, or intercept tokens for Discord. It can also target all files that are not part of the system, encrypting them and appending its own filename extension to the encrypted files.

In a nutshell, once it’s in, it’s recording every move you make and no file on your computer is safe.  
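The loader chain described above (script host, 32-bit relaunch, Regsvr32.exe, RegAsm.exe) leaves a recognizable parent/child pattern in process-creation logs. The following is an added example, not code from the original post or from any vendor report; the event layout, file names and sample events are constructed for illustration.

```python
import ntpath
import shlex

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample telemetry: (pid, parent pid, image path, command line).
SAMPLE = [
    (100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    (200, 100, r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\u\Downloads\loader.vbs"'),
    (210, 200, r"C:\Windows\SysWOW64\wscript.exe", r'wscript.exe "C:\Users\u\Downloads\loader.vbs"'),
    (220, 210, r"C:\Windows\SysWOW64\regsvr32.exe", r'regsvr32.exe /s "C:\Users\u\AppData\Local\Temp\extracted.dll"'),
    (230, 210, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", "RegAsm.exe"),
    (300, 100, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", r"RegAsm.exe C:\build\MyLib.dll /codebase"),
]

def name_of(image):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(image).lower()

def detect(events):
    """Return (pid, reason) for each process that matches a stage of the chain."""
    images = {pid: image for pid, _, image, _ in events}
    findings = []
    for pid, ppid, image, cmdline in events:
        name = name_of(image)
        from_script = name_of(images.get(ppid, "")) in SCRIPT_HOSTS
        args = shlex.split(cmdline, posix=False)[1:]
        if name in SCRIPT_HOSTS and from_script and "\\syswow64\\" in image.lower():
            # 32-bit system binaries on 64-bit Windows live under SysWOW64.
            findings.append((pid, "script host relaunched itself as 32-bit"))
        elif name == "regsvr32.exe" and from_script:
            findings.append((pid, "script host registered a DLL with regsvr32"))
        elif name == "regasm.exe" and (from_script or not args):
            # RegAsm normally gets an assembly path; a bare launch is a
            # heuristic sign it was started only to host injected code.
            findings.append((pid, "RegAsm.exe started by a script or with no assembly"))
    return findings

if __name__ == "__main__":
    for pid, reason in detect(SAMPLE):
        print(pid, reason)
```

The benign RegAsm.exe run (pid 300), launched from the shell with an assembly path, is not flagged; these are heuristics to tune against your own baseline.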

For most people this is the most effective tactic.
Photo by ALTEREDSNAPS, please support by following @pexel.com

The Prevention

Like the rest of us here, Z-Daddy is betting that you want to keep yourself and everything on your computer safe. There are some ways to help with that.

One way, and this is the only way that security is a hundred percent guaranteed, is to stay on the right side of the internet and away from adult material. However, this is not a solution for most people, so another way is to practice extreme caution when downloading any files from third parties and unknown sources onto your computer.

This principle carries over to those situations where you’re being offered exclusive access to a good time at the low, low cost of nothing. Frequently saving your information to a USB flash drive, external drive, or other device that you can insert and detach from your computer could help, as this will have your information saved in multiple locations rather than only on your machine.

Saving multiple copies of your information helps because if one copy is found to be infected, the other backups can be scanned, and if they’re still good you can start from the last save point. To some, this may seem like a bit of work, but as professional simps will tell you, “Simping ain’t easy.”
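One way to check which backup copy is still a good save point, as an added example that is not part of the original post: record a SHA-256 manifest when each copy is made, then audit the copy against it later, treating a file that reappears with an appended extension as the sign of encryption described earlier. It assumes the manifest is kept somewhere other than the backed-up machine; the file names and the `.locked` extension are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's relative path to its SHA-256 digest."""
    digests = {}
    for folder, _, files in os.walk(root):
        for f in files:
            full = os.path.join(folder, f)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(manifest, root):
    """Compare a backup copy with the manifest recorded when it was made."""
    now = snapshot(root)
    report = {"modified": [], "missing": [], "renamed": []}
    for path, digest in sorted(manifest.items()):
        if path in now:
            if now[path] != digest:
                report["modified"].append(path)
            continue
        # Original name is gone: was "<name>.<new extension>" left in its place?
        appended = [p for p in now if p.startswith(path + ".") and p not in manifest]
        report["renamed" if appended else "missing"].append(path)
    return report

def last_good(copies):
    """copies: (label, manifest, root) tuples, oldest first. Newest clean label."""
    for label, manifest, root in reversed(copies):
        if not any(audit(manifest, root).values()):
            return label
    return None

if __name__ == "__main__":
    # Constructed demo: one backup copy whose file gets an appended extension.
    with tempfile.TemporaryDirectory() as usb:
        with open(os.path.join(usb, "notes.txt"), "w") as fh:
            fh.write("tax records")
        manifest = snapshot(usb)
        os.rename(os.path.join(usb, "notes.txt"), os.path.join(usb, "notes.txt.locked"))
        print(audit(manifest, usb))
```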

This is Erica. Click here to see all of her nude photos and videos.
Photo by Bruno Henrike, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.


Do you feel like there is something I may have missed on DcRAT? Script a comment below.