14 DAY TRIAL // The developer of the DarkComet RAT has recently revealed his plans to stop working on the remote access tool because it is used for malicious purposes. However, this hasn’t prevented cybercriminals from utilizing it once again in a campaign against Syrian activists.
This time, the RAT is disguised as a security tool called AntiHacker which can allegedly protect computers against online threats, the Electronic Frontier Foundation (EFF) reports.
Experts believe that the attackers are relying on the fact that many Syrians are searching for ways to protect themselves against the hackers that work for the government.
The AntiHacker tool is advertised on a Facebook page which displays a banner that reads “We are here to save the world.” A link on the site leads unsuspecting users to another website from which the so-called protection application can be installed.
Once the shady software is executed, the cybercriminals can take control over antivirus products, steal sensitive information, and even capture webcam activity.
Although it’s not as poorly designed as other programs, there are still some hints which reveal the fact that AntiHacker is not a legitimate application.
A perfect example is the message that’s displayed when it’s first executed: You Are Running On unprotected Conection You Maybe At Risk !!!!
Another similar message is shown when the tool is activated: You PC is Protect now thank for using our Product.
“Syrian Internet users should be especially careful about downloading applications from unfamiliar websites,” Eva Galperin and Morgan Marquis-Boire of the EFF explain.
“The AntiHacker website showed many signs of being illegitimate, including prolific abuse of English spelling and grammar, but this campaign demonstrates that while Syrian activists are becoming more savvy about efforts to trick them into downloading malware, attackers are also becoming more sophisticated.”