
Darkmoon

Posted: March 28, 2006

Darkmoon is a RAT (Remote Administration Trojan) that gives third parties control over your computer through a simple client interface. Features boasted by Darkmoon include both general backdoor functions and specialized information-theft attacks, along with distribution methods that disguise its installers as unrelated files (such as torrents). Despite its breadth of capabilities, Darkmoon has no meaningful symptoms linked to its presence; removing Darkmoon should be done with anti-malware products that are well-versed in identifying stealth-based threats.

A Weather Report That's Nothing But Trojans

While Darkmoon (also labeled as PoisonIvy/Breut) has all of the characteristics of a backdoor Trojan or spyware, the ease of use of its comprehensive attack interface makes Darkmoon primarily identifiable as a RAT. RATs like Darkmoon, Jack Trojan and Ghost Radmin sometimes are installed by Trojan droppers and downloaders, with installers that may be disguised as anything from fake movie files to documents with embedded memory-buffer exploits. Darkmoon is available to the general public on the black market, with some individual details, such as what disguise its installer uses, left up to the individual ill-minded client. Axiom, a group of hackers specializing in cyber espionage against targets that oppose Chinese state interests, is one of Darkmoon's most high-profile clients.

Regardless of the identity of the third parties controlling it, Darkmoon uses a straightforward Windows interface to enable most of its attacks. Examples of these functions include keylogging (recording your keyboard input), forcing non-consensual reboots, turning on and viewing your webcam, modifying the Registry, taking screen captures and terminating programs arbitrarily. Like many RATs, Darkmoon inhabits dual roles by allowing third parties to exert direct control over an infected PC, while also providing specialized features for monitoring, recording and uploading stolen information in multiple formats.

Easily Eclipsing a Darkmoon Attack

Darkmoon includes a file-bundling function that allows its installer to be concealed within unrelated files. This method of infection may be employed by third parties interested in infecting general, non-specific targets, such as users of illegal software sites. However, groups like Axiom, known for targeting defense contractors, infrastructure companies and similarly specific aims, frequently prefer e-mail file attachments as reliable installers. Using anti-malware products to scan any files suspected of harboring Darkmoon should be adequate for preventing either infection method from succeeding.

Darkmoon is designed to avoid standing out and will not show any visible symptoms unless its operator is careless. The prolonged existence of Darkmoon and equally stealthy backdoor Trojans as fixtures of the threat black market leads malware researchers to recommend routine anti-malware scans for virtually all PC owners. Verifying that your computer is uninfected, rather than hoping it is, may be the only way to catch a threat like Darkmoon before important information lands in unsafe hands.

File System Modifications

  • The following files were created in the system:
    1. ___.exe
    2. mydll.exe
    3. win32.exe
    4. yxgunlzu.d1l
    5. yxgunlzu.sys

Registry Modifications

  • The following newly produced Registry keys and values are:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft = %Windir%\win32.exe
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YXGUNLZU
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yxgunlzu
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters\ServiceDll = %System%\yxgunlzu.d1l
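The following PowerShell script is an added example, not part of the original write-up, that audits the persistence locations listed above for exactly the file and Registry indicators this page names (the Run value, the dmserver ServiceDll redirection, the driver service and legacy Enum keys, and the dropped files). It assumes the artifact names are as shown on the page and that %System% resolves to System32 or, for a 32-bit payload on 64-bit Windows, SysWOW64.

```powershell
# Added example: check a host for the Darkmoon persistence artifacts listed on this page.
# Run from an elevated PowerShell prompt; returns one object per finding, nothing when clean.
function Test-DarkmoonPersistence {
    $findings = @()
    $windir  = $env:WINDIR
    $systems = @((Join-Path $windir 'System32'), (Join-Path $windir 'SysWOW64'))

    # 1. Run key: a value named "Microsoft" that launches win32.exe from %Windir%.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['Microsoft']) {
        $data = [string]$run.Microsoft
        if ($data -match '(?i)win32\.exe') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\Microsoft"; Data = $data }
        }
    }

    # 2. Service DLL redirection: dmserver's ServiceDll pointing at yxgunlzu.d1l.
    #    Any value here that names that DLL is a match, whatever directory it cites.
    $svcParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\dmserver\Parameters'
    $dll = (Get-ItemProperty -Path $svcParams -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll -and $dll -match '(?i)yxgunlzu\.d1l') {
        $findings += [pscustomobject]@{ Type = 'ServiceDll'; Location = "$svcParams\ServiceDll"; Data = $dll }
    }

    # 3. Driver service and legacy device-enum entries created for the yxgunlzu component.
    foreach ($key in 'HKLM:\SYSTEM\CurrentControlSet\Services\Yxgunlzu',
                     'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YXGUNLZU') {
        if (Test-Path -Path $key) {
            $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key; Data = '' }
        }
    }

    # 4. Dropped files in the directories the Registry values reference.
    $paths = @((Join-Path $windir 'win32.exe'))
    foreach ($sys in $systems) {
        $paths += (Join-Path $sys 'yxgunlzu.d1l')
        $paths += (Join-Path $sys 'yxgunlzu.sys')
    }
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Data = '' }
        }
    }
    return $findings
}

Test-DarkmoonPersistence | Format-Table -AutoSize
```

A hit on the dmserver ServiceDll value alone is worth investigating even if the files are gone, since the loader will keep trying to load the DLL at each service start.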
