New KillerRat RAT gives attackers full control over victims

Nov 10, 2015 08:36 GMT

An Egypt-based hacker has created a new RAT (Remote Access Trojan) on the old skeleton of the njRAT toolkit. Once deployed, the new tool allows attackers to run their operations in anonymity and with enhanced spying powers.

Dubbed KillerRat, this RAT is nothing more than a simple refurbishing of the older njRAT spyware with new hacking capabilities.

While njRAT's spying features targeted Android devices, with less focus on Windows-based ones, KillerRat is specifically tooled to allow an attacker to easily take over Windows PCs.

Cyber-security vendor AlienVault detected this latest addition to the spyware family and concluded an in-depth analysis of the threat.

KillerRat comes with very powerful spying capabilities

There are a few things that this new RAT allows attackers to do:

  • interact with the victim's local filesystem
  • interact with the victim's local processes
  • interact with the victim's local registry
  • execute shell commands on the victim's PC
  • get passwords from their browser
  • activate a keylogging function
  • turn on the victim's webcam and watch a real-time feed
  • start a remote desktop session
  • use the victim as a proxy for their network traffic
  • launch DDoS attacks from the victim's PC
  • open a website in the user's browser
  • run custom scripts
  • infect the victim with other malware
  • send collected data to a C&C server

At the moment of AlienVault's analysis, KillerRat was only detected by one antivirus company out of 35. This comes despite the fact that njRAT has been around for years, and KillerRat shares most of its codebase.

KillerRat's author didn't bother hiding his real identity

Another thing that stands out is that, while all hackers like to brag about their tools and leave nicknames behind in their code, the creator of KillerRat seems to have left his real name and Facebook page in KillerRat's About section.

Following the link, we arrived on the Facebook profile of a person named Ahmed Ibrahim, which is full of hacking-related activities.

His timeline revealed that Ibrahim released KillerRat version 4.0.1 (the latest detected) on October 30, version 3.1.6 on October 23, and version 2.9.6 on October 18. Besides KillerRat, Ibrahim also seems to be working on a new tool called the Wedges Worm.

KillerRat version 4.0.1