Architectural companies targeted by new DarkComet RAT campaign

Architecture firms are being targeted by a malicious email campaign that distributes DarkComet-infected files. The cybercriminals behind the “architecture DarkComet campaign” are trying to push the “AutoCad-export.exe” file onto unsuspecting users.

CSIS identified the “AutoCad-export.exe” file and ran this DarkComet sample through the VirusTotal service.

VirusTotal report on the DarkComet malware

The malicious email sent to architecture firms

The malicious email targeted Danish architecture firms, and the email that was found is written in Danish. The CSIS report states that the cybercriminals have disguised the AutoCad-Export.exe file behind a pictogram that is actually a malformed AutoCad icon.

CSIS reports that when the file is opened, it starts collecting massive amounts of data. CSIS has also identified it as a data stealer. The DarkComet RAT contains various features that allow the cybercriminals or operators to take full control of the device.