"DTPacker Malware Steals Data, Loads Second-Stage Payloads"

Proofpoint researchers have discovered a malware packer dubbed DTPacker that multiple threat actors are using to spread Remote Access Trojans (RATs), which are deployed to steal information and serve as a springboard for follow-on attacks such as ransomware. According to the researchers, DTPacker has been associated with many campaigns by multiple threat groups since 2020 and is likely being made available on underground forums. The packer applies several obfuscation methods to evade analysis, sandboxing, and antivirus detection. What makes it unusual is that it can operate as both a packer and a downloader, distributing multiple RATs and information stealers, including Agent Tesla, AsyncRAT, and FormBook. As the researchers note, the main difference between a packer and a downloader is where the payload data is located: a packer embeds the payload in the file itself, whereas a downloader retrieves it from a remote server at runtime. DTPacker uses both approaches. This article continues to discuss the history, capabilities, and attack stages of the DTPacker malware.

Decipher reports "DTPacker Malware Steals Data, Loads Second-Stage Payloads"
