Showing posts with label Remote Administration tools.

Customers of BlackShades RAT reportedly being raided by FBI

If you have ever bought the popular Remote Administration Tool "BlackShades", you should expect the FBI at your doorstep.

The FBI is reportedly executing international raids with the help of local law enforcement.  Several users of BlackShades on HackForums have reported that their houses were raided by the FBI.  The authorities seized computers, external hard disks and other computer equipment.

Although RATs have legitimate uses, most of the time they are used by cybercriminals for malicious purposes.  Installing a RAT with the permission of the computer's owner is legal.  Installing the trojan on a user's machine without their permission is illegal.

"I got a visit from the German police because I bought BlackShades," one user posted on HackForums.

"I don't really care, because I only used it within my own network for testing purposes (tested compatibility with my crypter), but it's really annoying that they have taken away my Windows PC & laptop, external HDD."

One user reported that the FBI has so far raided users of BlackShades in Australia, Denmark, Germany and the US.

The source code of BlackShades was released in 2010. Last year, Symantec reported that the tool was still being sold in underground markets and that usage of the RAT had increased.

Dendroid, a new Android malware toolkit

The number of malware samples for the Android platform is increasing day by day, and cybercriminals are trying to sell Android malware toolkits to others.  The first Android Remote Administration Tool was AndroRAT, which is believed to be the first ever malware APK binder.

Symantec researchers have learned that another Android malware toolkit, called "Dendroid", is being sold on underground forums.

A cybercriminal going by the online handle "soccer" on the underground forum is selling this HTTP-based RAT, which is said to have many malicious features.

The toolkit is able to create a malicious APK file capable of deleting call logs, calling any number, opening web pages, recording calls, intercepting SMS messages, taking and uploading photos and videos, and launching DoS attacks.

Researchers say the cybercriminal also offers 24/7 support for this RAT.  Others can buy the toolkit for $300, paid in cryptocurrencies such as Bitcoin or Litecoin.

Experts have mentioned that this RAT has some link with the earlier AndroRAT, saying: "the author of the Dendroid APK binder included with this package had assistance writing this APK binder from the author of the original AndroRAT APK binder."
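Every feature listed above (deleting call logs, placing calls, recording audio, reading SMS, using the camera, talking to an HTTP server) needs a specific Android permission declared in the APK's manifest, so the manifest is the first thing to triage when a "Flashlight" or "Torch" app lands on an analyst's desk. The script below is an added example and not Symantec's indicator list for Dendroid or anything shipped with the toolkit: both manifests are constructed, the capability-to-permission mapping is my reading of the standard Android permission model, and the threshold of three matched capabilities is a tuning choice.

```python
"""Triage an Android manifest for the permission set a Dendroid-style RAT would need.

Added example. The manifests below are constructed, and the capability -> permission
mapping is my reading of the Android permission model, not Symantec's indicator list.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions each feature advertised for the toolkit would require (assumption).
CAPABILITY_PERMISSIONS = {
    "delete call logs": {"android.permission.WRITE_CALL_LOG"},
    "call any number": {"android.permission.CALL_PHONE"},
    "record calls": {"android.permission.RECORD_AUDIO"},
    "intercept SMS": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "take photos/videos": {"android.permission.CAMERA"},
    "HTTP command channel": {"android.permission.INTERNET"},
}

# Constructed: a "flashlight" app whose manifest asks for far more than a torch needs.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
    <application android:label="Flashlight">
        <receiver android:name=".SmsReceiver">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed: what a real torch app would plausibly request.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Torch"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """All <uses-permission android:name=...> values in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")} - {None}


def matched_capabilities(manifest_xml: str) -> dict:
    """Capabilities whose complete permission set is requested -> sorted permissions."""
    perms = requested_permissions(manifest_xml)
    return {cap: sorted(need) for cap, need in CAPABILITY_PERMISSIONS.items() if need <= perms}


def has_sms_interceptor(manifest_xml: str) -> bool:
    """A receiver for SMS_RECEIVED with an elevated priority is the classic way to see
    incoming SMS before the default messaging app (and, on old Android, to abort it)."""
    root = ET.fromstring(manifest_xml)
    for filt in root.iter("intent-filter"):
        actions = {a.get(ANDROID_NS + "name") for a in filt.iter("action")}
        priority = int(filt.get(ANDROID_NS + "priority", "0"))
        if "android.provider.Telephony.SMS_RECEIVED" in actions and priority > 0:
            return True
    return False


def triage(manifest_xml: str, threshold: int = 3) -> dict:
    """Flag a manifest when it satisfies `threshold` or more RAT capabilities, or
    registers an SMS interceptor. The threshold is a tuning choice, not a standard."""
    caps = matched_capabilities(manifest_xml)
    sms = has_sms_interceptor(manifest_xml)
    return {
        "capabilities": sorted(caps),
        "sms_interceptor": sms,
        "suspicious": len(caps) >= threshold or sms,
    }


if __name__ == "__main__":
    for name, m in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage(m))
```

The check is deliberately about combinations rather than single permissions: CAMERA plus INTERNET is normal for a torch app that shows ads, but CAMERA, RECORD_AUDIO, READ_SMS, CALL_PHONE and WRITE_CALL_LOG together in one small app, plus a high-priority SMS_RECEIVED receiver, is the shape of a RAT. Pull the manifest out of the APK with apktool or aapt first; the script only reads the decoded XML.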

Java based Remote Access Tool used in Spear Phishing attacks targeting Government


A spear-phishing attack targeting government agencies has been uncovered by Symantec security researchers.  The emails, with a subject related to the recent hot media topic "NSA surveillance program PRISM", carry three attachments.

What is interesting about the attachments is that one of them is a JAR file, which is nothing but a Java-based Remote Administration Tool (RAT).  The other two attachments are non-malicious PDF files.

Once the victim opens the JAR file, the Java payload runs on the victim's system and is capable of giving the cybercriminals full control of the compromised machine.

[Image: Java RAT builder control panel. Image credit: Symantec]

As Java is a platform-independent language, the payload can run not only on Windows but also on Linux, Mac OS X, FreeBSD, Solaris and any other operating system that has a Java runtime installed.

According to the Symantec report, most of the targets of this malware are located in the United States.  Symantec detects this threat as Backdoor.Jeetrat.
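The lure works because mail gateways and users both tend to trust what the filename and Content-Type header say. The script below is an added example, not Symantec's detection logic, and nothing in it is the real sample: the message, the two PDFs and the JAR are all constructed inline. It triages attachments by their bytes (a JAR is a ZIP archive with a META-INF/MANIFEST.MF, and one meant to be run carries a Main-Class entry), so a JAR renamed to .pdf is still flagged.

```python
"""Content-based triage of mail attachments, for the JAR-among-PDFs lure described above.

Added example, not Symantec's detection logic. The message, the JAR and the PDFs
are constructed inline; none of it is the real sample.
"""
import io
import zipfile
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"   # a JAR is a ZIP archive with META-INF/MANIFEST.MF inside
PDF_MAGIC = b"%PDF-"


def build_fake_jar() -> bytes:
    """A minimal JAR whose manifest names a Main-Class, as `java -jar` would require.
    Constructed; the class file is just the 0xCAFEBABE magic plus padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: Loader\r\n\r\n")
        zf.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    return buf.getvalue()


def build_sample_message() -> EmailMessage:
    """Constructed lure: two harmless PDFs plus a JAR whose name and MIME type claim PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Documents on the NSA PRISM surveillance program"
    msg.set_content("Please review the attached documents.")
    pdf = PDF_MAGIC + b"1.4\n% constructed placeholder, not a real document\n"
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="Brief1.pdf")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="Brief2.pdf")
    msg.add_attachment(build_fake_jar(), maintype="application", subtype="pdf",
                       filename="Brief3.pdf")
    return msg


def classify_blob(data: bytes) -> str:
    """Decide what an attachment is from its bytes, never from its name or Content-Type."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "META-INF/MANIFEST.MF" not in zf.namelist():
                    return "zip"
                manifest = zf.read("META-INF/MANIFEST.MF").decode("ascii", "replace")
                return "jar-executable" if "Main-Class:" in manifest else "jar"
        except zipfile.BadZipFile:
            return "zip-corrupt"
    return "unknown"


def triage_message(msg: EmailMessage) -> list:
    """Return (filename, declared type, detected type, flagged) for each attachment.
    Flag anything that is Java code, or whose content contradicts its declared type."""
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        detected = classify_blob(data)
        mismatch = declared == "application/pdf" and detected != "pdf"
        flagged = detected.startswith("jar") or mismatch
        results.append((part.get_filename(), declared, detected, flagged))
    return results


if __name__ == "__main__":
    for row in triage_message(build_sample_message()):
        print(row)
```

The two signals are kept separate on purpose: "jar-executable" is worth blocking at the gateway whatever the filename says, while a declared-type mismatch on its own is a weaker signal that still deserves a second look. Feed `triage_message` a real message with `email.message_from_bytes(raw, policy=email.policy.default)`.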

DarkComet Remote Administration Tool version 5.1 fwb final released

DarkCoderSc has updated the Remote Administration Tool (RAT) DarkComet. The new version, DarkComet v5.1 fwb final, is available for download.

This release fixes the FTP-upload keylogger problem, the DNS/IP backup issue and a big problem in the client/server system. The password interface has been improved and an export-password-list function has been added. The password grabber now supports Firefox 9, 10 and 11 (the latest version at the time of writing).

DarkComet now has a Quick Download / Upload feature: it uploads or downloads a single file very simply and fast, fully multithreaded (an unlimited number of instances can be loaded for each user).

A very serious bug was fixed in the connection thread; it affected random users and explains why they could not get connections.

The full changelog is available at the official site (www.darkcomet-rat.com). Download the latest version from here:
www.darkcomet-rat.com/process_download.php?id=8

Shady RAT attack hits 72 organizations: a cyber attack spanning five years

McAfee on Tuesday issued a warning that an attack, which it has dubbed "Shady RAT" (for remote access tool), successfully compromised at least 72 organizations across 14 countries, beginning in 2006.

Victims included government agencies in the United States, Canada and South Korea, defense contractors, and International Olympic Committees in three countries. All told, 49 of the exploited organizations were located in the United States.

McAfee released a related report on Tuesday, saying it first discovered signs of the Shady RAT attack in 2009, after a forensic investigation at a defense contractor found an infection that originated from a spear-phishing attack. The attached malware uses "encrypted HTML comments in Web pages that serve as a command channel to the infected machine." While McAfee did not name the malware in question, security experts said it sounds like malware that has been traced to a group known as the "Comment Crew."
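A command channel hidden in HTML comments is attractive to an attacker because the beacon's traffic is an ordinary GET to an ordinary-looking page, and proxies rarely look inside comments. The defender's angle is that an encoded blob does not look like a comment a web developer wrote: it is long, has no whitespace, uses a narrow alphabet and has high character entropy. The script below is an added example with constructed pages, not McAfee's detection logic; the page does not say how Shady RAT encoded its commands, so base64 stands in for the real encoding, and the length and entropy thresholds are my own tuning choices.

```python
"""Find HTML comments that could be carrying an encoded command channel, the technique
described for Shady RAT above.

Added example with constructed pages. The real malware's encoding is not documented on
this page, so base64 stands in for it here, and the length/entropy thresholds are mine.
"""
import base64
import math
import re

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded blobs sit well above ordinary comment text."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_comments(html: str, min_len: int = 40, min_entropy: float = 3.5) -> list:
    """Comment bodies that are long, whitespace-free, base64-shaped and high-entropy."""
    hits = []
    for m in COMMENT_RE.finditer(html):
        body = m.group(1).strip()
        if len(body) < min_len or not B64_RE.match(body):
            continue
        if shannon_entropy(body) >= min_entropy:
            hits.append(body)
    return hits


def decode_candidate(body: str) -> bytes:
    """Decode a flagged comment so an analyst can read what the beacon was told."""
    return base64.b64decode(body, validate=True)


# Constructed: a page with the usual developer comments.
BENIGN_PAGE = """<html><head><!-- site header, last edited 2011 --></head>
<body><!-- TODO: fix the nav bar --><p>Welcome</p></body></html>"""

# Constructed: the same kind of page, but one comment carries an encoded instruction.
HIDDEN_CMD = base64.b64encode(b"CMD:sleep=3600;beacon=update.example.invalid").decode()
C2_PAGE = f"""<html><body><!-- {HIDDEN_CMD} --><p>Nothing to see here</p></body></html>"""


if __name__ == "__main__":
    for body in suspicious_comments(C2_PAGE):
        print(body, "->", decode_candidate(body))
```

Run this over proxy-captured page bodies for hosts that a suspect machine polls on a regular interval; the periodic fetch of the same page is the other half of the signal. Expect false positives from legitimate base64 in comments (inline images, build hashes), so treat a hit as a lead for the analyst, not a verdict.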

Download the report from McAfee