Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
2022-05-09 05:27

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat that's offered for sale at "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike.

"Unlike the well-funded, massive Russian threat groups crafting custom malware, this remote access Trojan appears to be the work of a lone actor, offering a surprisingly effective homemade tool for opening backdoors on a budget," BlackBerry researchers said in a report shared with The Hacker News.

Written in .NET by an individual codenamed "Boldenis44" and "Crystalcoder," DCRat is a full-featured backdoor whose functionality can be further augmented by third-party plugins developed by affiliates using a dedicated integrated development environment called DCRat Studio.

"Some Fun features have been moved to the standard plugin," a translated message shared on April 16 reads.

Besides its modular architecture and bespoke plugin framework, DCRat also encompasses an administrator component that's engineered to stealthily trigger a kill switch, which allows the threat actor to remotely render the tool unusable.

Distribution vectors employed to infect hosts with DCRat include Cobalt Strike Beacons and a traffic direction system called Prometheus, a subscription-based crimeware-as-a-service solution used to deliver a variety of payloads.


News URL

https://thehackernews.com/2022/05/experts-sound-alarm-on-dcrat-backdoor.html