While looking around on underground forums, Symantec experts have uncovered a Java-based cross-platform remote access tool (RAT) called “Frutas” (Spanish word for “fruit”).
, which is being offered for free to the forum’s members, can be used by cybercriminals to create a connect-back client JAR file on the infected computer. The backdoor builder provides some obfuscation to allow its master to use custom encryption for some of the embedded functions.
Once a backdoor connection is established, the Frutas server notifies the attacker and allows him to perform actions such as browse system files, kill system processes, send pop-up messages, download and execute files, open specified webpages, and even perform DOS attacks.
Frutas is not very prevalent for the time being and it’s mainly used by Spanish hackers. When Symantec discovered the RAT, only 2 of the 46 vendors from Virus Total were detecting it as a threat.
Check out the gallery below to see what the Frutas RAT looks like.