Fake Steam Desktop Authenticator App distributing DarkCrystal RAT
A fake version of the Steam Desktop Authenticator (SDA) app is being used to distribute the DarkCrystal Remote Access Trojan (RAT). The threat actors use site cloning and typosquatting techniques to create fake versions of the SDA website, tricking users into downloading a malicious ZIP file. If executed, the fake SDA app disables Windows Defender and runs DCRAT. DarkCrystal RAT is a commodity crimeware tool offered on various underground forums and Telegram channels, which can be bought and deployed by cybercriminals. The campaign uses three URLs that pose as the SDA app, all registered with different registrars and created at different times. Malware: DCRat, DarkCrystalRAT [View Article](https://blog.bushidotoken.net/2023/05/fake-steam-desktop-authenticator-app.html)