Infamous RAT reemerges as a subscription-based cybercrime service


A Java-based remote access tool (RAT), thought to have been shut down last year, is back, this time as a malware-as-a-service offering.

The RAT is delivered via phishing campaigns and infects a victim's machine through a malicious JAR file, which then tries to communicate with the attacker's command and control server, creating a back door into the machine. Kaspersky Lab researchers presented the findings at the Kaspersky Security Analysts Summit being held this week in Spain, according to a report by ZDNet.

The RAT, which goes by the names of AlienSpy, Adwind, and JSocket, among others, has been operating for years, and is estimated by Kaspersky to have compromised more than 400,000 victims in the financial, government, education and engineering sectors.

It was believed to have been shut down last year when Go Daddy suspended the domain used by its command and control network, according to Ars Technica.

It has reemerged as a malware-as-a-service offering, in which "customers" pay from $30 per month to $200 for an unlimited license. According to its website, the RAT provides cybercriminals "great opportunities for business growth," Ars Technica reported.

The RAT provides its users with video and audio capture, a keylogger, a feature for stealing virtual private network keys, and the ability to detect antivirus software on the victim's machine.

Since its reemergence, the RAT has compromised more than 60,000 targets and is particularly popular in Nigerian email scams, according to Kaspersky.
