‘Phishing’ campaign on YouTube uses anime and video games to spread the DCRat Trojan

A new ‘phishing’ campaign uses anime and video games as a lure to spread ‘malware’ through YouTube. Fake or stolen accounts distribute the DCRat Trojan through download links attached to the videos, which pose as tricks or cheats for games, in order to gain remote control of victims’ devices.

The research team of the cybersecurity company Kaspersky has identified this new ‘phishing’ campaign, with content published on Google’s video platform, YouTube, which dates back to the beginning of 2025. With themes related to anime and video games, its main targets are users of Windows computers who are interested in this content.

Specifically, the campaign is designed to distribute the DCRat ‘malware’, a family of remote access Trojans known since 2018 and also identified as DarkCrystal RAT, designed to obtain total control of the affected user’s computer.

To distribute this Trojan, cybercriminals use fake or stolen YouTube accounts, from which they publish videos that promote supposed tricks, ‘cracks’ or cheats for certain video games. The videos explain how to carry out these tricks and ask viewers to click on the download links shared in the video description in order to install the cheat or trick in question.

However, instead of game tricks, these links lead to downloads that contain the DCRat Trojan, with which the attackers can control a Windows computer remotely, intercept keyboard input and gain access to the webcam, as analysts have indicated in a statement.

According to Kaspersky, the ‘malware’ is distributed by a group of cybercriminals that operates under the ‘malware as a service’ (MaaS) model for financial gain. Once a computer is infected, the malicious actors allow other attackers to access the DCRat backdoor in exchange for payment.

In addition, the cybercriminals also offer a support service for the DCRat ‘malware’ and maintain the infrastructure used to host the command servers.

It should be noted that the DCRat family of remote access Trojans can download plugins that “significantly expand its functionalities” and, in this case, Kaspersky has discovered and analyzed 34 different plugins with espionage capabilities.

Analysts have also detailed that, since the campaign began in early 2025, it has affected users from countries such as China, Belarus, Kazakhstan and Russia. Likewise, the addresses of the attackers’ command servers contain Russian slang related to the anime fan community.

In light of this type of campaign, Kaspersky’s senior analyst, Oleg Kupreev, has underlined the importance of digital literacy, attention to detail and critical thinking, which “must be the basis of the actions” of users and companies in the digital space.

“It is important to be alert to the promotion of software supposedly, since it can be ‘malware’ or be designed to collect your personal data for lucrative purposes for third parties”, said Kupreev, who also recommended having an effective protection solution installed on the device to anticipate this type of cyberattack.

By Editor
