What is RAT

Lord777

Professional
Messages
2,580
Reputation
15
Reaction score
1,332
Points
113
Hello. Those who have already watched my past video now know what a RAT is. Today I will tell you about the most famous and effective remote access Trojans. Don't even think about using them =)

For those who have forgotten, a RAT is a remote access Trojan. In simple words, it is malware that allows a hacker to take full control of an infected device. That is, an attacker can either draw genitals in your Paint or extort a ransom for stolen confidential data. A RAT is a very powerful tool that opens up a wide range of actions. I think this is understandable as it is, so let's move on to the most outstanding representatives.

Back Orifice
The whole movement started back in 1998, although many claim that RATs are just over 10 years old. It was at that bearded time that the grandfather of all modern RATs, Back Orifice, appeared. It was created by members of the legendary hacker group "Cult of the Dead Cow", about which I will probably release a separate post. Initially, the Trojan was released for Windows 95 (then there were versions for 98 and XP) and it made a lot of noise, as it allowed full remote access to the victim's computer, and even had a nice interface. In general, the program itself is harmless at first glance. It would seem like an ordinary TeamViewer, if not for one thing. After the inconspicuous bo2k.exe file got on the computer, it gradually penetrated into all system files and seized control over them completely unnoticed by the user. Most interestingly, BO provides a user with more options on a remote Windows computer than the user of that computer has. Quite ironic, so it is not surprising that it was quickly classified as a Trojan, and the creators were not too shy.

Dark Comet
One of the first "modern" Trojans, which was created in 2008 by the French hacker Jean-Pierre Lesueur. He successfully sold his invention to Africans who tried to break the computers of the American government, after which he still had to pay attention to the malware. The functionality of this RAT is not so extensive. Of the key features, it can record the screen and collect passwords; of the secondary ones, it can turn the computer on and off remotely. Interestingly, Dark Comet was used by the Syrian government to spy on citizens.

Mirage
The invention of hackers sponsored by the Chinese Communist Party. The most politicized RAT, as it was used mainly for spying on foreign governments, as well as for sabotage in large companies, in the period from 2009 to 2015. It got to computers via an email newsletter with an attached PDF file with a surprise. An updated version of this Trojan is still being recorded, so the Chinese are not asleep.

Orcus
In 2016, a couple of cunning entrepreneurs from Canada founded Orcus Technologies, whose main product, Orcus, was an analogue of TeamViewer. But the software turned out to be not so harmless, because it can be installed without the knowledge of the computer owner. The authorities missed the topic and issued a not sickly fine to the creators, and even a criminal offense to boot. Nevertheless, Orcus is still one of the most popular RATs, providing excellent functionality and a user-friendly interface. Through it you can do absolutely everything, only on someone else's computer.

P.S. If you liked this post, please write in the comments. In that case, I will release a sequel, with software for Android, as well as a guide to protecting against RATs.
 

Lord777

Mobile RATs
Hello, today we have a second post about RATs (warriors), only this time for mobile devices. Interestingly, there are no fewer of them, and the functionality, in some places, is even more interesting.

Droid Jack
The most popular warrior on Android is by far Droid Jack. The popularity of this software is mainly due to the way the developers position their product. First of all, Droid Jack was created for convenient control of a smartphone from a PC, but the fact that it is used for espionage is already a classic dilemma of traders in TOR and terrorists in Telegram. Everything has a price. The software itself is freely available for a pretty impressive $210. What do we get for this money?

DroidJack allows you to transfer the current GPS coordinates of the device, manage incoming and outgoing calls, record phone conversations, read and send SMS and WhatsApp messages, view the browser history and the list of running applications, copy contacts, receive images from the built-in camera, control the volume and much more. A pretty good arsenal.

True, in order to put it on the victim's mobile phone, you will have to install the APK unnoticed. Well, or use social engineering; that's already a matter of skill. Droid Jack also has a budget-friendly counterpart, Omnirat, that could be gotten for as little as $25. How it is now, I don't know, but the functionality was approximately identical.

Pegasus
Legendary spyware created in the secret laboratories of the Mossad. Most likely it will not be possible to get it, since it costs a couple of million green and is sold only to "their own". So if you are not a member of some global organized criminal group, or not the leader of at least a small state, sorry. But the capabilities of Pegasus are not bad at all.

Keylogging, taking screenshots, reading SMS and email, copying browser history, listening to phone calls and much more. Best of all, it runs on iOS without a jailbreak. It is almost impossible to detect this Trojan since it has a self-destruct protocol. In short, real Bond software. Pegasus was first burned in 2016, but no matter how hard Tim Cook tried, new versions continue to be released.

AhMyth
The most beloved warrior of any self-respecting schoolboy. You can download it absolutely free from GitHub. We put the program on the PC, generate the RAT APK, put it on the phone of our classmate and successfully hide it. Voila. Now you can track and eavesdrop on your first love for hours. In general, the software is quite interesting and multifunctional. I strongly recommend not using it!
 

Lord777

Rat protection

How does the infection take place?
First, let's analyze how a RAT can get onto your device. It is worth highlighting 2 main ways here: physically (through a USB flash drive or cable) or through social engineering (when you yourself install a Trojan hidden in some harmless file). In the first case, everything is simple.

If some shady type plugs something into your device, you should already be on guard and take into account the possibility of an infected APK / program being installed. In the second case, you just need to follow the basic rules of digital hygiene: do not go to dubious sites, do not open files from strangers and check all new programs on VirusTotal.

How do you know if you have a rat?
But even such simple rules will not be able to secure your device 100%. Perhaps the Trojan managed to sneak in unnoticed. What then? There are many signs that can betray its presence.

Bullying
First and most obvious. An attacker will give himself away by carrying out suspicious activity on your device. Files will start to disappear, various tabs and programs will open. Perhaps he will even write something to you in Notepad. This is a bad signal and you need to smoke out the pest as soon as possible. In the worst case, the monitor may go out, or the drive may turn off.

Glitches
The most common RAT signal. The device starts to lag, the Internet too, and there is high outgoing traffic.

Theft
The worst thing that can happen is that the attackers have already achieved their goal - they stole your passwords. This can be understood by suspicious activity on your social networks, or, in extreme cases, on a bank account.

Software
So, we got a RAT, what should we do? In most cases, antiviruses will not help, since the warriors are designed to hide from them. We will need special services for detecting network intrusions. For example, Fortinet, Suricata, or Snort products. With their help, you can detect suspicious processes, as well as delete a malicious file. If you are attacked by a simple warrior, the same operation can be done through the process manager. We find the suspicious process and turn it off, then delete the warrior itself. To achieve even greater security against RAT attacks, you can install a firewall. For example Comodo Firewall, ZoneAlarm, GlassWire and others.

That's all from me. Safety and anonymity to all!
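
The "Glitches" and "Software" parts of the post above name high outgoing traffic and a suspicious process as the things to look for. The following is an added example, not part of the original post: it totals per-process connection records and flags processes that upload far more than they download. The log format, thresholds, process names, port and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: one line per finished connection, in the style a host
# firewall or flow logger might export (the format is an assumption).
# fields: process, pid, remote_ip, remote_port, bytes_out, bytes_in
SAMPLE_FLOWS = """\
chrome.exe,4120,198.51.100.14,443,18200,912000
chrome.exe,4120,198.51.100.69,443,9100,301000
svchost.exe,1044,192.0.2.2,443,4200,6100
updhelper.exe,7788,203.0.113.45,5552,48100000,21000
updhelper.exe,7788,203.0.113.45,5552,51900000,18000
OneDrive.exe,5320,192.0.2.12,443,64000000,150000
"""

# Sync/backup tools the user knowingly installed (hypothetical allowlist).
KNOWN_UPLOADERS = {"onedrive.exe"}


def parse_flows(text):
    """Yield (process, pid, ip, port, bytes_out, bytes_in) per log line."""
    for line in text.strip().splitlines():
        proc, pid, ip, port, out_b, in_b = line.split(",")
        yield proc, int(pid), ip, int(port), int(out_b), int(in_b)


def suspicious_processes(text, min_out=10_000_000, min_ratio=20.0):
    """Flag processes whose total upload is large and dwarfs their download."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "remotes": set()})
    for proc, pid, ip, port, out_b, in_b in parse_flows(text):
        entry = totals[(proc, pid)]
        entry["out"] += out_b
        entry["in"] += in_b
        entry["remotes"].add((ip, port))

    findings = []
    for (proc, pid), entry in totals.items():
        if proc.lower() in KNOWN_UPLOADERS:
            continue  # expected heavy uploader, not an anomaly
        ratio = entry["out"] / max(entry["in"], 1)
        if entry["out"] >= min_out and ratio >= min_ratio:
            findings.append({"process": proc, "pid": pid,
                             "bytes_out": entry["out"],
                             "ratio": round(ratio, 1),
                             "remotes": sorted(entry["remotes"])})
    # Largest uploader first, so the worst offender is reviewed first.
    return sorted(findings, key=lambda f: f["bytes_out"], reverse=True)


if __name__ == "__main__":
    for finding in suspicious_processes(SAMPLE_FLOWS):
        print(finding)
```

A flagged process is a lead to check in the process manager, not proof of infection; the allowlist and thresholds need tuning per machine.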
 