It costs just $7 to rent DCRat to backdoor your network
2022-05-09 19:29

The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year.

Despite its bargain price, and despite being the work of a lone developer rather than custom malware sold by a well-funded, sophisticated crime ring, DCRat lets miscreants perform a range of nefarious acts thanks to its modular architecture and plugin framework.

DCRat is expected to be deployed within a network once a miscreant has broken in, such as by exploiting some vulnerability, or obtaining or guessing a user's credentials.

The DCRat administrator tool is written in JPHP, a rare choice because it produces very large, slow executables, the security researchers noted.

Once the subscription validation checks are completed, and assuming the kill switch isn't flipped, the malware subscriber can use the administrator tool to communicate with the command-and-control server, configure builds of the client executable, and even submit bug reports to the DCRat author.

Ru, until a Mandiant analysis in May 2020 prompted the malware author to move the software nasty to a new domain.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/09/budgetfriendly_dcrat_malware/