A Swedish hacker has been spotted trying to sell a new document-free Remote Access Tool (RAT). Palo Alto Networks researchers named it Blackremote, and the hacker was trying to sell the RAT on a dark web forum last month. The hacker, who uses the names Speccy and Rafiki, has also posted a YouTube video with instructions on how to install the RAT.
“It also claimed that this Blackremote RAT is undetectable during runtime and that there is a link to the purchase of the FUD cryptocurrency. There is no legitimate reason for this software to have to be "undetectable" or "encrypted". Instead, these efforts are aimed at preventing malware detection by software,” the researchers said.
The hacker described the malware as a "powerful and fully equipped systems" remote management suite.
“It will give you full access and control over a remote machine through a myriad of functions, enabling you to monitor, access or control any activity and data from a distance, as if it were right in front of you!” the description states.
Researchers have stated that the Blackremote RAT is priced higher than other RATs, as the tool is available for $49 (£44) for 31 days, $117 for 93 days and $438 for one year. Buyers are expected to pay for the RAT with cryptocurrencies such as Bitcoin.
RAT features include remote desktop, remote file manager, remote webcam, keystroke recording and remote audio.
Matt Aldridge, senior solutions architect at Webroot, told SC Media UK that organizations should not rely on any signature-based or rule-based malware detection and should ensure that they use next-generation anti-malware for the detection of this type of Remote Access Trojan.
“Organizations should also check the URL addresses accessed from their devices, ensuring that high-grade reputation data is embedded in the endpoint, on the gateways and/or through a DNS security platform - this can mitigate the initial download and command-and-control communications of such tools,” he said.
Javvad Malik, security awareness consultant at KnowBe4, told SC Media UK that there should be robust crawling controls to detect if a RAT does make it onto the network.
"This can be done in conjunction with a reliable source of threat information that is constantly updated with the latest compromise indicators," he said.
As for catching the criminal, "We often see many organizations and countries co-operating and sharing law enforcement resources because most criminals operate across borders to slow down and discourage authorities," he added.