The emergence of the cheap DarkCrystal RAT malware has worried experts

BlackBerry researchers analysed the DarkCrystal RAT (aka DCRat) malware and its developer’s activity on the darknet.

Apparently, the malware has been active since 2019 and is the “brainchild” of a Russian-speaking developer. It is sold for as little as about $7 for two months, or $60 for a lifetime license.

We also wrote that ZingoStealer malware is distributed among criminals for free.

The company’s report notes that such a low price is rather unusual, which gives the impression that the author of the malware, known by the nicknames boldenis44, crystalcoder and simply Koder, is not looking for profit at all, has an alternative source of funding, or, probably, that DarkCrystal is his personal project rather than his main source of income.

[Image: DarkCrystal RAT malware; DarkCrystal author profile]

Let me remind you that we also wrote that Prynt Stealer Malware Sells on the Dark Web for Only $100 per month.

DarkCrystal is written in .NET and has a modular design that can be used for a variety of tasks, including dynamic code execution, data theft, surveillance, and DDoS attacks.

Interestingly, the functionality can be extended with third-party plugins developed by affiliates using a dedicated DCRat Studio IDE, and subscribers are given access to a list of supported plugins.


Once launched on the victim’s computer, the malware collects system information and transfers data such as host and user names, location data, privileges, installed security solutions, motherboard and BIOS information, and Windows versions to the command and control server.

DarkCrystal is capable of taking screenshots, intercepting keystrokes and stealing various types of data from the system, including the contents of the clipboard, cookies, passwords, browser history, bank card data, as well as Telegram, Discord, Steam and FileZilla accounts.

The “product” itself includes three components: an executable for the stealer/client, a C&C interface, and an executable written in JPHP, which is a tool for the administrator. The latter is designed in such a way that the operator can quietly activate a kill switch, that is, remotely render the tool unusable. It also allows subscribers to communicate with the C&C server, issue commands to infected endpoints, and send error reports to the malware author.

Currently, DarkCrystal RAT is hosted on crystalfiles[.]ru, where it “moved” from dcrat[.]ru, a simple site that was used only for downloading, BlackBerry experts say.

Since a previous analysis of the malware by Mandiant experts in May 2020 traced the RAT infrastructure to files.dcrat[.]ru, the switch to crystalfiles[.]ru, according to BlackBerry experts, indicates that the malware author is responding to the public disclosure of that information.

Operations for the sale and advertising of malware are now carried out through Russian-language hack forums (including lolz[.]guru), and news and updates are published in Telegram.

The report also states that Cobalt Strike beacons and the Prometheus TDS (traffic direction system) are involved in the distribution and deployment of DarkCrystal.

Helga Smith

I have been interested in computer science, especially data security and the subject now called “data science”, since my early years. Before joining the virus removal team as editor-in-chief, I worked as a cyber security specialist at several companies, including one of Amazon’s contractors. Another experience: I have taught at the universities of Arden and Reading.
