- Oct 23, 2012
- 12,527
An Italian malware developer by the name of Viotto has published his latest creation, the Remcos RAT (Remote Access Trojan), which he's selling on underground hacking forums for a price that varies from $58 to $389, payable in various anonymous digital currencies.
According to a listing on one of the hacking forums, the Remcos RAT was released towards the end of July, and has already reached version 1.3. Viotto says that the Remcos client is coded in C++, while the C&C server component runs on Delphi.
Remcos includes a keylogger, password dumper, and more
Remcos is offered as a free download with limited features, but the Pro version provides access to all the RAT's features.
This includes the ability to take screenshots of infected computers, log keystrokes offline or in real time, record content via the device's microphone, and record content via the device's camera.
Additionally, Remcos also includes a password dumping component, which all professional RATs seem to have these days. Viotto claims that his RAT can dump passwords from applications such as Internet Explorer, Firefox, Chrome, Safari, Opera, Pidgin, Trillian, Miranda, and ICQ,.
An analysis by Symantec, who detects the RAT as Remvio, reveals that this password dumper is also effective against Digsby, Paltalk, and Windows MSN/Live Messenger, but not Safari as Viotto claims.
Remcos can target only Windows PCs
Remcos works on all Windows versions from XP and higher, on both 32-bit and 64-bit platforms. All data stolen from infected devices is sent encrypted via HTTPS to the C&C server.
According to a listing on one of the hacking forums, the Remcos RAT was released towards the end of July, and has already reached version 1.3. Viotto says that the Remcos client is coded in C++, while the C&C server component runs on Delphi.
Remcos includes a keylogger, password dumper, and more
Remcos is offered as a free download with limited features, but the Pro version provides access to all the RAT's features.
This includes the ability to take screenshots of infected computers, log keystrokes offline or in real time, record content via the device's microphone, and record content via the device's camera.
Additionally, Remcos also includes a password dumping component, which all professional RATs seem to have these days. Viotto claims that his RAT can dump passwords from applications such as Internet Explorer, Firefox, Chrome, Safari, Opera, Pidgin, Trillian, Miranda, and ICQ,.
An analysis by Symantec, who detects the RAT as Remvio, reveals that this password dumper is also effective against Digsby, Paltalk, and Windows MSN/Live Messenger, but not Safari as Viotto claims.
Remcos can target only Windows PCs
Remcos works on all Windows versions from XP and higher, on both 32-bit and 64-bit platforms. All data stolen from infected devices is sent encrypted via HTTPS to the C&C server.
