RAT
Windows
Dacls is a remote access trojan (RAT) attributed to the Lazarus Group, targeting Windows, Linux, and macOS systems. This modular malware enables attackers to perform a wide range of actions, including process manipulation, file operations, and DLL injection. Dacls is also capable of encrypting its command-and-control (C2) communications, making detection and analysis more challenging. Its deployment has been linked to high-profile cyber espionage and ransomware operations.
Dacls is designed to operate across multiple platforms, making it highly versatile. It can infect systems running Windows, Linux, and macOS, with each variant tailored to exploit the unique characteristics of the target operating system. The macOS variant has been observed distributed via trojanized applications, such as fake two-factor authentication (2FA) apps, demonstrating the adaptability of its operators.
Command and Control Communication
Dacls employs double-layer encryption for its C2 communications, using both TLS and RC4 to protect the data it transmits. This layered encryption hides the content of the malware's traffic from network traffic analysis tools, complicating the efforts of cybersecurity professionals trying to intercept or block its operations.
Association with Lazarus Group
The Lazarus Group, also known as Hidden Cobra, is a well-known cybercrime organization responsible for numerous global attacks. Dacls is one of the group's tools, showcasing its ongoing innovation in developing malware that supports both espionage and financially motivated operations. This association underscores the advanced capabilities and strategic intent behind Dacls' deployment.
Mitigation Recommendations
Keep systems and software updated to address known vulnerabilities.
Deploy robust endpoint protection to block malware activities.
Train users on identifying phishing schemes and avoiding untrusted downloads.
Monitor for unusual network traffic indicative of C2 communications.