Also known as: DarkCrystal RAT
Category: Malware
Type: Remote Access Trojan
Platform: Windows
Variants:
Damage potential: Data theft, espionage, remote control and surveillance, botnet participation
Overview
DarkCrystal RAT, or DCRAT, is a type of malware that allows cybercriminals to control a compromised device remotely. With DCRAT, attackers can monitor user activity, activate hardware such as a mouse, webcam, or microphone, access files, steal sensitive data, or add the infected device to a botnet and launch DDoS attacks.
Possible symptoms
The symptoms of a DCRAT infection might vary, but here are some common signs to watch out for:
- System slowdowns, crashes, and freezes.
- Unusual network traffic.
- Files being moved, modified, or removed without user interaction.
- Mouse cursor moving on its own.
- Programs starting or stopping unexpectedly.
- Webcam or microphone switching on without user interaction.
- Frequent error messages.
Sources of infection
DCRAT typically spreads through phishing emails with malicious Microsoft Word documents, downloads from malware-hosting websites, malvertising, or peer-to-peer sharing of infected files.
Protection
Always browse with caution to protect yourself from DCRAT.
- Do not click on suspicious links or attachments, especially from unknown senders.
- Avoid downloads from unofficial sources.
- Scan downloads for malware, block malware-hosting websites, and stop malicious ads.
- Install reliable antivirus software and keep it updated.
Removal
If you think you might have DCRAT on your device, you need to act promptly:
- Disconnect your device from the internet to prevent DCRAT from communicating with its command and control server.
- Boot into safe mode.
- Run a full system scan using a reputable antivirus solution.
- Follow the instructions provided by your antivirus software to isolate and remove the malware.
Consult an IT professional if you don’t feel confident handling the removal yourself.