Backdoor.Bozok

Posted: December 26, 2016

Threat Metric

Threat Level: 6/10
Infected PCs: 101
First Seen: December 26, 2016
Last Seen: March 28, 2020
OS(es) Affected: Windows


The Bozok Remote Access Trojan (RAT) is a malicious tool that was developed by someone who goes by the nickname ‘Slayer616.’ The program is distributed free of charge, which means that any malicious user can build and propagate a personalized version of this threat. The list of features that the Bozok RAT supports is not impressive, but the author has provided additional updates and plugins that allow the attacker to extend the features of the Trojan.

The base features supported by the Bozok RAT allow the attacker to upload files to the compromised system, as well as to download files from it. The operator can also work with the Windows Registry Editor, manage the processes, and collect saved passwords from Web browsers and FTP clients. If the attacker opts to add the plugins supported by the Bozok RAT, the following modules also become available:

  • Remote Desktop connection
  • Web Camera capture
  • Keylogger
  • Grab desktop screenshots

Once deployed, the Bozok RAT may attempt to gain persistence by creating an auto-start Registry key, or by using the Windows Startup entries.
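
A defender can review both persistence locations mentioned above with a short read-only audit. The script below is an added example, not taken from the original page or from any vendor tool. The Registry paths are the standard Windows autostart keys rather than indicators specific to Bozok, and the "user-writable path" and "not validly signed" heuristics are assumptions chosen for triage.

```powershell
# Added example: list autostart entries from the standard Windows locations (generic, not Bozok IoCs).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
# Assumption: programs launched from user-writable directories deserve a closer look.
$writable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function Get-TargetPath([string]$Command) {
    # Extract the executable path from a Run value such as '"C:\x\a.exe" /arg'.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function New-Finding([string]$Location, [string]$Name, [string]$Command) {
    $path = Get-TargetPath $Command
    $sig  = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        (Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'FileNotFound' }
    [pscustomobject]@{
        Location = $Location
        Name     = $Name
        Command  = $Command
        Signed   = $sig
        Review   = ($path -match $writable) -or ($sig -ne 'Valid')
    }
}

$findings = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            New-Finding $key $name ([string]$regKey.GetValue($name))
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        # Shortcut (.lnk) targets are not resolved here, so Startup items are always marked for review.
        Get-ChildItem -LiteralPath $dir -File -Force | Where-Object Name -ne 'desktop.ini' |
            ForEach-Object { New-Finding $dir $_.Name ('"{0}"' -f $_.FullName) }
    }
)
$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```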

Protecting yourself from the Bozok RAT and similar threats does not require much: you can use a trustworthy anti-malware software suite to keep an eye on incoming files and connections. It is also a good idea to stay away from suspicious websites and emails, as well as to avoid downloading files from unknown origins.