Low-rent RAT Worries Researchers

2022-05-10 00:24

Dubbed as Dark Crystal RAT, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate pricing.

"DCRat is one of the cheapest commercial RATs we've ever come across. The price for this backdoor starts at for a two-month subscription, and occasionally dips even lower during special promotions," according to BlackBerry researchers who published their findings on Monday.

In another odd quirk, researchers note, is the malware author "Implemented a function that displays a randomly generated number of 'servers working' and 'users online' that are meant to appear as statistics in the background of the administrator tool. It could be that they are trying to make their tool appear more popular, or that they just didn't know how to implement an accurate counter and have employed a pseudo-counter in the meantime as a placeholder."

"The administrator tool and the backdoor/client are regularly updated with bug fixes and new features; the same applies to officially released plugins." The researchers noted a particular case in 2020, when Mandiant published an in-depth look at the DCRat client.

"Just days after this report was released," to combat the unwanted attention, "The malware author shifted distribution of the RAT to a new domain."

For a year, $33 and for a lifetime subscription $63. Researchers speculate the low price is because the criminals behind the malware are just looking for attention.

News URL

https://threatpost.com/low-rent-rat-worries-researchers/179553/

#RAT #researcher