Since the beginning of the year, Kaspersky researchers have been tracking in their telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model.
The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers. Distribution The DCRat backdoor is distributed through the YouTube platform. Attackers create fake accounts or use stolen ones, then upload videos advertising cheats, cracks, gaming bots and similar software. In the video description is a download link to the product supposedly being advertised. The link points to a legitimate file-sharing service where a password-protected archive awaits, the password for which is also in the video description.
Read more…
Source: Kaspersky
Related:
- Trump administration subpoenas New York Times journalists over new Air Force One reporting
July 11, 2026
The Trump administration has issued subpoenas to several New York Times journalists after the newspaper reported on security concerns with the president’s new plane. The Times said its journalists were subpoenaed on Friday by the US justice department to testify before a federal grand jury in Manhattan five days later, marking the latest effort by the Trump White ...
- Ukrainians are using VPNs to cause havoc in Russia by changing fuel station statuses on maps in a bid to cause chaos and confusion
July 11, 2026
A coordinated online campaign has reportedly encouraged users to alter fuel station information on digital maps across Russia, creating confusion among drivers. The activity involves changing station statuses by marking locations with available fuel as empty or showing closed stations as operational. Supporters of the campaign claim the effort is designed to disrupt travel decisions, increase uncertainty, ...
- Supermarket chain Lidl warns customers after data leak
July 10, 2026
Unknown individuals managed to gain access to customer data held by the supermarket chain Lidl. The German company informed affected customers of this via email this week. Thus far, the supermarket chain has declined to say how many customers were affected. However, the discount retailer did state that it has notified the Dutch Data Protection Authority. Read ...
- No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
July 10, 2026
The Gentlemen (aka Storm-2697) is a Ransomware-as-a-Service (RaaS) program active since at least July 2025. Public reporting indicates that the operators were likely active months earlier as an affiliate (known as ArmCorp) of Qilin RaaS, which Unit 42 tracks as Spikey Scorpius. Their ransomware variants are written in both C and Go programming languages, enabling ...
- Florida ransomware negotiator convicted for helping ransomware gang extort US companies
July 10, 2026
Florida man Angelo Martino has been sentenced to more than five years in prison for conspiring with hackers to deploy ransomware during his job as a ransomware negotiator for a U.S. cybersecurity company. The U.S. Department of Justice confirmed the sentence on Thursday, noting that the government seized more than $10 million worth of cryptocurrency and assets. Martino ...
- Accenture confirms breach after hacker steals 35GB of source code and other data
July 9, 2026
Accenture has confirmed suffering a cyberattack, days after threat actors started selling an archive allegedly coming from the firm. “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” Accenture said in a statement. It follows a relatively unknown threat actor called 888 posting ...

