March 19, 2025 By Bill Toulas
Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's armed forces.
The bulletin mentions that the attacks started this month, with Signal messages containing archives posing as meeting reports.
Because some of these messages are sent from existing contacts that the targets are familiar with, the targets are more likely to open the archives.
The archive contains a PDF and an executable file, with the PDF acting as a lure that gets victims to open it and trigger the launch of the executable.
The executable is classified as the DarkTortilla cryptor/loader, which, when launched, decrypts and executes the remote access trojan Dark Crystal RAT (DCRAT).