blackshades remote access trojan rat

by Mrs. Hanna Jast Published 3 years ago Updated 2 years ago
This Trojan, known as BlackShades, is a Remote Access Tool (RAT) that allows an attacker to command an infected PC from a remote location. In recent attacks, the BlackShades Trojan has been deployed against anti-regime activists in Syria during the ongoing conflict in that country.

What is Blackshades malware?

Blackshades is a malicious trojan horse used by hackers to control infected computers remotely. The malware targets computers using operating systems based on Microsoft Windows. According to US officials, over 500,000 computer systems have been infected worldwide with the software.

How many computers have been infected by Blackshades?

According to the FBI, over 500,000 computers in more than 100 countries were infected by the malware. Blackshades sold typically for US$40, and reportedly generated US$350,000 in sales.

How do I get rid of Blackshades?

Many antivirus programs can detect and remove Blackshades. In practice, however, operators usually run the Blackshades binary through a crypter, an obfuscation tool that the Blackshades organization sold alongside the RAT, so that the executable dropped on the victim no longer matches antivirus signatures. A clean scan therefore does not prove a machine is uninfected; look for the RAT's behaviour (persistence entries, outbound connections to the operator's host) as well as its file signature.

How does Blackshades work?

The Blackshades Remote Access Tool, or RAT, which targets Microsoft Windows-based operating systems, allows cybercriminals to take control of your computer. Once inside, they can spy on you through your web camera, steal your files and account information and see what you are typing.

What is Blackshades net?

BlackShades Net is a RAT that has been around for a few years. It has led to several arrests, including that of a co-author in 2012. It was developed as for-sale malware, sometimes poorly masquerading as legitimate remote administration software.

Can ESET detect RATs?

Note that ESET products detect SpyEye as Win32/Spy.SpyEye and the DarkComet RAT as Win32/Fynloski. If you think your Windows computer is infected with either of these pieces of malware or any other malicious code or spyware, you might want to scan it with ESET's Free Online Scanner.

What is the NanoCore RAT?

NanoCore is a Remote Access Tool used to steal credentials and to spy on victims through their cameras. It has been used for years by numerous criminal actors as well as by nation-state threat actors.

Can ESET detect Trojans?

ESET protects you against Trojans.

Will ESET remove malware?

The ESET Online Scanner runs from your web browser, checks for and (optionally) removes malware. You can't configure it, and it can't prevent your computer from being infected by malware.

What is RAT in cyber security?

Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response.

How do RATs usually get onto a system?

RAT infections are typically delivered via spear phishing and social engineering. Most are hidden inside heavily packed binaries that are dropped in the later stages of a multi-stage payload, which is why the file that first arrives rarely looks like the RAT itself.
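The two points above, that Blackshades operators ran the binary through a crypter and that RAT payloads arrive as heavily packed binaries, share one measurable side effect: encrypted or compressed bytes are near-random, so their Shannon entropy sits close to 8 bits per byte. The example below is added here and is not code from the original page or from any vendor; it scores a buffer whole-file and window-by-window, because a small encrypted payload hidden behind a large plain stub can drag the whole-file average below any sensible threshold. The three sample buffers, the 10.0-style thresholds (7.2 bits whole-file, 7.0 bits per 1 KiB window, 20% of windows) and the SHA-256 chain used to stand in for an encrypted payload are all constructed for the example, not taken from real malware.

```python
import hashlib
import math
from collections import Counter
from typing import List

# Constructed sample 1: a repetitive, text-like buffer standing in for an
# unobfuscated program section. It is not a real executable.
PLAIN_SAMPLE = b"This program cannot be run in DOS mode. " * 1600


def _pseudo_random(n: int, seed: bytes = b"crypter-demo-seed") -> bytes:
    """Deterministic near-uniform bytes from a SHA-256 chain. This is a
    constructed stand-in for a crypter's encrypted payload, chosen so the
    example gives the same answer on every run; no malware bytes involved."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed sample 2: 64 KiB that looks like an encrypted/packed body.
PACKED_SAMPLE = _pseudo_random(64 * 1024)

# Constructed sample 3: mostly ordinary bytes with a 16 KiB encrypted blob
# appended, the shape a crypter stub plus encrypted payload tends to have.
MIXED_SAMPLE = PLAIN_SAMPLE[: 48 * 1024] + PACKED_SAMPLE[: 16 * 1024]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for a
    perfectly uniform one. Compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = 1024) -> List[float]:
    """Entropy of each full `chunk`-byte window (trailing partial dropped)."""
    return [
        shannon_entropy(data[i : i + chunk])
        for i in range(0, len(data) - chunk + 1, chunk)
    ]


def high_entropy_ratio(data: bytes, chunk: int = 1024, threshold: float = 7.0) -> float:
    """Fraction of windows above `threshold` bits. A whole-file average can
    hide a small encrypted payload inside a large plain stub; windows do not."""
    ents = chunk_entropies(data, chunk)
    if not ents:
        return 0.0
    return sum(1 for e in ents if e > threshold) / len(ents)


def looks_packed(data: bytes, file_threshold: float = 7.2, window_ratio: float = 0.2) -> bool:
    """Heuristic verdict. The thresholds are assumptions for this example and
    should be tuned against a known-good corpus before production use."""
    return (
        shannon_entropy(data) > file_threshold
        or high_entropy_ratio(data) > window_ratio
    )


if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE), ("mixed", MIXED_SAMPLE)):
        print(f"{name:6s} entropy={shannon_entropy(blob):.2f} "
              f"hot_windows={high_entropy_ratio(blob):.2f} packed={looks_packed(blob)}")
```

The mixed sample is the instructive one: its whole-file entropy stays under the 7.2-bit threshold, so a single-number check passes it as clean, while a quarter of its 1 KiB windows are near-random and the windowed check flags it. Entropy is a triage signal, not a verdict: legitimate installers, media files and signed packers score high too, so use it to decide what to unpack and inspect, not to block.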

What is ESET Smart scan?

Smart scan allows you to quickly launch a computer scan and clean infected files with no need for user intervention. Its main advantage is easy operation with no detailed scanning configuration. This scan checks all files in all folders and automatically cleans or deletes detected infiltrations.

Can Android devices get RATs?

RAT-infected Android devices can be remotely zombified by the perpetrator, giving virtually unlimited access to the photos, data and messages on the device. The Dendroid RAT, for example, provides full access to an infected device's camera and microphone, and can place calls or listen in on the user's phone conversations or text messages.

Can a Remote Access Trojan be installed in the BIOS?

Attacker access to the BIOS has been publicly known since 2015, and many believe the NSA was planting RATs and trackers in BIOS firmware even earlier. The practical consequence is that a firmware-level implant survives a disk wipe and operating-system reinstall, so the standard "wipe and reinstall" remedy does not reach it.

How is a Remote Access Trojan RAT different from a regular Trojan horse?

A Trojan is malware that gets onto a victim's computer by passing itself off as a legitimate piece of software. A RAT is a Trojan that the hacker can...

What is the Sakula Remote Access Trojan RAT?

Sakula is a RAT that is used to intrude on IT systems serving government departments and agencies, healthcare facilities, and other large organizat...

How does Blackshades infect a computer?

Blackshades infects a computer when the victim visits a malicious web page (sometimes as a drive-by download, installed without the victim's knowledge) or through external storage devices such as USB flash drives. Once installed, it can spread to further machines by way of a bait file the operator supplies. An improved version of Blackshades was released shortly after the original, when groups calling themselves Octagonun and Cyber-Sec developed add-on features for it such as antivirus evasion, DDoS / TCP flood, and backdoor persistence.

How much did Blackshades cost before the FBI crackdown?

Before the FBI crackdown, Blackshades was sold for US$40 on Hack Forums, and reportedly generated US$350,000 in sales.

What sentence did Stefan Rigo receive?

In 2015, Stefan Rigo from Leeds was given a 40-week suspended sentence for using BlackShades against 14 people, 7 of whom he knew personally. It is reported he paid for the software using his ex-girlfriend's payment card.

What was Michael Hogue charged under?

Hogue, a co-creator of Blackshades, was arrested and indicted on charges under 18 U.S.C. § 1030, more commonly known as the Computer Fraud and Abuse Act. He was sentenced to five years of probation, with a 20-year prison sentence suspended.

Can Blackshades be used remotely?

Blackshades can reportedly be used remotely to access an infected computer without authorization. It allows hackers to perform many actions on an infected computer remotely without authorization, including the ability to:

• Access and modify files on the victim's computer.
• Log keystrokes on the victim's computer.

What is intrusion detection?

Intrusion detection systems are important tools for catching software intrusions that evade antivirus software and firewall utilities. The SolarWinds Security Event Manager is a Host-based Intrusion Detection System (HIDS). One section of the tool, the Snort Log Analyzer, works as a Network-based Intrusion Detection System (NIDS): Snort, a widely used packet sniffer and network IDS, acts as the data collector, and the Security Event Manager analyzes the events it produces both in real time and historically.

How does a RAT toolkit work?

A RAT toolkit bundles more than the remote-control component. Other elements propagate the RAT by sending out links to infected web pages; these are sent to the social media contacts of an infected user, who are inclined to trust them.

What is SIEM in security?

Combining host-based log analysis with Snort's network data in this way gives you a full Security Information and Event Management (SIEM) service: you can watch Snort-captured events live and also examine cross-packet intrusion signatures identified from log file records.

How does Beast RAT work?

The Beast RAT attacks Windows systems from Windows 95 up to Windows 10. It uses the same client-server architecture that Back Orifice pioneered: the server part is the malware that is installed surreptitiously on the target computer, and once it is running, the hacker can access the victim computer at will through the client program. The client connects to the target computer on port 6666. The server is also able to open connections back to the client, and those use port 9999. Beast was written in 2002 and is reportedly still in use.
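The client-server layout above, with a fixed inbound control port and a fixed outbound callback port, is the kind of thing a network IDS or SIEM rule catches. The following is an added example, not code from the original page or from Snort or SolarWinds: it parses a handful of simplified Zeek-style connection records and labels each one by the two Beast patterns described in the text (an outsider connecting in to port 6666, or an internal host calling out to port 9999). The sample records, the 10.0.0.0/8 "internal" range, and the RFC 5737 documentation addresses used for the outside world are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Beast's ports as described above: the operator's client connects TO the
# implant on 6666; the implant can call back OUT to the operator on 9999.
BEAST_CONTROL_PORT = 6666
BEAST_CALLBACK_PORT = 9999

# Assumption for this example: the monitored site lives in 10.0.0.0/8.
# Replace with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log (not real traffic): simplified Zeek-style conn
# records, tab-separated as ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_CONN_LOG = """\
1717000001.120\tCx1\t203.0.113.7\t51234\t10.0.0.25\t6666\ttcp
1717000002.554\tCx2\t10.0.0.25\t49211\t203.0.113.7\t9999\ttcp
1717000003.003\tCx3\t10.0.0.40\t51001\t198.51.100.80\t443\ttcp
1717000004.771\tCx4\t10.0.0.25\t49212\t10.0.0.12\t6666\ttcp
1717000005.110\tCx5\t10.0.0.31\t53222\t198.51.100.53\t53\tudp
1717000006.900\tCx6\t10.0.0.25\t49213\t203.0.113.7\t9999\tudp
"""


@dataclass
class Conn:
    ts: float
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_log(text: str) -> List[Conn]:
    """Parse the simplified conn format; comment and malformed lines are skipped."""
    conns: List[Conn] = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue
        try:
            conns.append(Conn(float(fields[0]), fields[1], fields[2], int(fields[3]),
                              fields[4], int(fields[5]), fields[6].lower()))
        except ValueError:
            continue
    return conns


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(conn: Conn) -> Optional[str]:
    """Map one connection to a Beast-shaped verdict, or None.
    Beast speaks TCP on both ports, so UDP hits on the same numbers are ignored."""
    if conn.proto != "tcp":
        return None
    src_in, dst_in = is_internal(conn.orig_h), is_internal(conn.resp_h)
    if conn.resp_p == BEAST_CONTROL_PORT and dst_in and not src_in:
        return "inbound-beast-control"      # outsider reaching an internal implant
    if conn.resp_p == BEAST_CALLBACK_PORT and src_in and not dst_in:
        return "outbound-beast-callback"    # implant calling its operator
    if conn.resp_p in (BEAST_CONTROL_PORT, BEAST_CALLBACK_PORT):
        return "beast-port-internal"        # internal-to-internal: lateral use or benign reuse
    return None


def find_beast_suspects(text: str) -> List[Tuple[str, str]]:
    """(uid, verdict) for every connection that matches a Beast pattern."""
    hits = []
    for conn in parse_conn_log(text):
        verdict = classify(conn)
        if verdict:
            hits.append((conn.uid, verdict))
    return hits


def internal_hosts_involved(text: str) -> List[str]:
    """Internal addresses touched by any hit, deduplicated, for triage."""
    hosts: List[str] = []
    for conn in parse_conn_log(text):
        if classify(conn):
            for ip in (conn.orig_h, conn.resp_h):
                if is_internal(ip) and ip not in hosts:
                    hosts.append(ip)
    return hosts


if __name__ == "__main__":
    for uid, verdict in find_beast_suspects(SAMPLE_CONN_LOG):
        print(uid, verdict)
    print("hosts to triage:", internal_hosts_involved(SAMPLE_CONN_LOG))
```

On the sample data the same internal host, 10.0.0.25, is reached on 6666 from outside and then calls the same outside address on 9999, which is exactly the two-way shape the paragraph describes and a far stronger signal than either connection alone. Port-only matching is low fidelity on its own: both ports are configurable in the Beast builder, and other software uses them, so pair a hit like this with a payload signature (Snort rules, for instance) or host-side evidence before acting on it.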

How to get rid of a RAT?

Sometimes the only reliable way to rid a computer of a RAT is to wipe all of its software and reinstall the operating system. Dedicated RAT-prevention products are rare, because the RAT typically reveals itself only once it is operating on your system; the practical defence is to block the delivery vector (phishing attachments, untrusted downloads) and to monitor for the RAT's network activity once it is running.

What can a hacker do with a RAT?

A RAT placed on the right machine gives the hacker the reach of a legitimate operator, which is why RATs inside power stations, telephone networks, nuclear facilities or gas pipelines are taken so seriously. RATs therefore represent not only a corporate network security risk but also a tool with which belligerent nations can cripple an enemy country.

How much did the Blackshades kit cost?

The Blackshades kit was widely available and cost as little as $40, which helps explain why the FBI estimated that it had been purchased thousands of times, used in more than 100 countries, and had infected more than half a million computers worldwide.

How many countries did the FBI raid?

In order to rein in the spread of the malware, which was ideally suited as a business espionage tool, the FBI enlisted the help of law enforcement in 18 countries. In a coordinated series of raids, 40 FBI field offices conducted around 100 interviews, more than 300 searches, seized nearly 2,000 web domains, and made nearly 100 arrests.

Is Blackshades a malware?

Blackshades is not one piece of malware but a collection of tools, the most dangerous being the Blackshades RAT, or Remote Access Trojan. RATs are particularly dangerous because, as the name suggests, they let the hacker keep remote control over the infected computer for as long as the Trojan remains on it.

Who was the Miss Teen USA 2013?

One of those victims was Cassidy Wolf, Miss Teen USA 2013. The 19-year-old was targeted in a sextortion case by a 20-year-old from California. This hacker was one of the many who purchased and used Blackshades, and once he had infected the computer of the beauty queen he notified her that he had taken control of her camera, had used her webcam to take a series of compromising photographs of her, and would publish those photos unless she provided him with more photos and videos.

Who created Blackshades malware?

The malware is known as Blackshades, and was allegedly created by a 24-year-old Swedish man who ran his malware operation like a legitimate business. The entrepreneur was very committed to making his malware as popular as possible, hiring a marketing director, customer service representatives, and a customer service manager.

Overview

In 2014, the United States Federal Bureau of Investigation (FBI) arrested hundreds of people who had Blackshades on their computers. Before the FBI crackdown, Blackshades was sold for US$40 on Hack …

Blackshades in the media

In 2012, Citizen Lab and EFF reported on the use of Blackshades to target opposition forces in Syria.

FBI crackdown

In 2012, the FBI ran a sting operation called "Operation Card Shop", which led to the arrest of 24 hackers in eight countries. One of those arrested was Michael Hogue (also known as xVisceral in online hacking communities). Hogue, a co-creator of Blackshades, was arrested and indicted on charges under 18 U.S.C. § 1030, more commonly known as the Computer Fraud and Abuse Act. He was sentenced to five years of probation, with a 20-year prison sentence suspended.

External links

• International Blackshades Malware Takedown - FBI
• International Blackshades Malware Takedown - The Guardian
• Blackshades – Coordinated Takedown Leads to Multiple Arrests - Symantec
