Over the years, hackers have used various platforms and social networks to steal information from users. Now it was Onlyfans’ turn. This is a platform where you can share all kinds of content under subscription and monetize the creators.

eSentire researchers have warned of a campaign of ‘malware’ which installs a remote access Trojan virus known as DcRAT. It allows hackers to steal and deploy information and credentials ‘ransomware’ on the infected device.

The new campaign discovered by eSentire has been running since May 2023 and distributes ZIP files containing a VBScript loader that tricks the victim into running it manually, assuming they are about to access premium OnlyFans Collections. Malware is often delivered through phishing emails, social media direct messages, text messages, or even over the phone.

“The file names suggest that the victims were lured using explicit photos or OnlyFans content of several adult film actresses,” claims eSentire.

The facts What are antisocials looking for? they can include bank account information, internet passwords, passport numbers, driver’s license numbers, social security numbers, medical records, internet subscriptions, etc.

From eSentire, they indicate that once the malicious load begins, the trojan checks the architecture of the operating system using Windows Management Instrumentation (WMI), and after a series of processes, manages to access the data.