Ukrainian Police Nab Suspected RAT-Slinger

Police in Ukraine have arrested a man who allegedly used a notorious Remote Access Trojan (RAT) to target thousands of users around the world.

A statement from the Ukrainian National Police on Friday said that cyber specialists on the force cuffed a 42-year-old man from Lviv on suspicion of using the DarkComet malware.

He’s said to have infected 2000 computers in 50 countries around the world.

On searching his machines, the police found that the man had installed “a Trojan virus administration program on his computer and modified it to send out client versions of the virus,” according to the statement.

These ‘clients’ are used to harvest data from infected machines. The malware has been around for at least six years and was even used by the Syrian regime to spy on activists and opposition groups.

It features multiple capabilities including keylogging, password and document theft, webcam monitoring, taking screenshots of the victim’s machine, and even disabling AV notification settings.

“The cyber police specialists analyzed the malware. It is found that the virus provides full remote access to controlled computers. In particular — the ability to download and upload files, manage startup and services, remotely manage the registry, install and remove programs, take screenshots from the remote screen, intercept microphone sound and video from embedded or external cameras,” the statement continued.

Perhaps most incriminating of all, the police found screenshots of infected victim computers on the arrested man’s machine.

Ukrainian police also issued a series of steps for users to take to check if their computer has been infected with DarkComet.

This involves checking if the machine is trying to communicate with IP address on port 1604 or 81.

If so, they’re urged to use an anti-malware program to remove the infection.
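The port check described above can be scripted. The following is an added example, not code from the police statement or this article: it parses saved Windows `netstat -ano` output and lists outbound TCP connections whose remote port is 1604 or 81. The sample output and function names are constructed for illustration, and because the IP address is not given on this page the match is by port only, so a hit (especially on port 81, which legitimate services also use) is a lead to investigate by PID rather than proof of infection.

```python
# Remote ports named in the police guidance quoted above.
SUSPECT_PORTS = {1604, 81}

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.20:49712     203.0.113.45:1604      ESTABLISHED     4312
  TCP    192.168.1.20:49713     198.51.100.7:443       ESTABLISHED     2280
  TCP    192.168.1.20:49720     198.51.100.9:81        SYN_SENT        4312
  TCP    192.168.1.20:1604      198.51.100.7:50211     ESTABLISHED     1108
  TCP    [fe80::1%12]:49730     [2001:db8::5]:1604     ESTABLISHED     4312
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port); port is None if not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def find_suspect_connections(netstat_text, ports=SUSPECT_PORTS):
    """Return active outbound TCP connections whose *remote* port is in `ports`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 fields: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, _local, foreign, state, pid = fields
        # Only connections in progress or established; listeners are not outbound traffic.
        if state not in ("ESTABLISHED", "SYN_SENT"):
            continue
        remote_host, remote_port = split_endpoint(foreign)
        # Match on the remote port only: a local port of 1604 is an ordinary ephemeral port.
        if remote_port in ports:
            hits.append({"remote": remote_host, "port": remote_port,
                         "state": state, "pid": int(pid)})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_connections(SAMPLE_NETSTAT):
        print(hit)
```

The PID in each hit can be matched against the process list to identify which program owns the connection.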
