
New DCRat malware examined

Threatpost reports that a cybercriminal dubbed "crystalcoder" or "boldenis44" has been selling the Dark Crystal RAT, or DCRat, malware for only $6 for a two-month subscription, with the malware offered at even lower prices during promos. DCRat, which has stealer and client executable capabilities, has been one of the most affordable commercial RATs ever, according to BlackBerry researchers, who also noted amateurish programming in the code of the malware. "The administrator tool is a standalone executable written in the JPHP programming language, an obscure implementation of PHP that runs on a Java virtual machine," researchers said. The report also showed that DCRat has included a feature showing working servers and online users, which may have been an effort to bolster the perceived popularity of the malware. Despite signs that the malware may have been written by a novice author, DCRat has been found to have advanced capabilities, including a highly customizable command-and-control interface and administrator tool. "DCRat's modular architecture and bespoke plugin framework make it a very flexible option, helpful for a range of nefarious uses. This includes surveillance, reconnaissance, information theft, DDoS attacks, as well as dynamic code execution in a variety of different languages," wrote researchers.
