
Cobian RAT

Posted: July 2, 2020

Cobian RAT is a cyber threat that was first identified by malware researchers in 2017, but it has undergone significant updates since then. At first, the project was sold on underground hacking forums by the original author, and the situation has not changed much in the past three years – ads for the Cobian RAT are still circulating on boards frequented by cybercriminals. Any crook with a bit of money in their pocket can purchase a license and builder for Cobian RAT, and then use their favorite malware propagation trick to deliver it to potential victims.

It is not uncommon for cybercriminals to try to profit at the expense of their colleagues, and the author of the Cobian RAT is using this exact strategy: although they charge money for their product, the version of the Cobian RAT they provide to customers is not what it appears to be. It seems that the creator has implemented a silent backdoor that lets them use a master client to control any computer infected by the different variants of the Cobian RAT, which means that they may eventually opt to hijack the victims of their clients. Backdoored hacking tools are not a new concept in the field, and the author of the Cobian RAT is just one of the latest malware creators to adopt this nefarious strategy.

Backdoored RAT Sold to Cybercriminals

The payload of Cobian RAT supports a wide range of features, and it relies on creating a fake Microsoft Windows Service to grant itself persistence. It also has a backup persistence mechanism that uses the Windows Registry to ensure that the implant will be started when the computer boots up.
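One way to hunt for the dual persistence described above is to correlate a host's service inventory with its registry autoruns and flag any executable registered in both. This is an added example, not part of the original article: the sample records and names are constructed, and the Run keys are an assumption because the article does not name the registry location used.

```python
import ntpath

# Constructed sample inventory (not real telemetry), shaped like an export of
# installed services and of registry autorun values from one host.
SERVICES = [
    {"name": "Spooler", "path": r"C:\Windows\System32\spoolsv.exe"},
    {"name": "WinUpdateSvc", "path": r'"C:\Users\alice\AppData\Roaming\svchost.exe" -s'},
    {"name": "AcmeAgent", "path": r"C:\Program Files\Acme\agent.exe"},
]
AUTORUNS = [
    {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "SecurityHealth", "data": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]
# Assumption: locations a standard user can usually write to, where a
# legitimate service binary is rarely installed.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def image_path(command_line):
    """Return the lower-cased executable path from a service or autorun command line."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]           # quoted path: take text between the quotes
    else:
        end = cmd.lower().find(".exe")           # unquoted path may contain spaces
        exe = cmd[:end + 4] if end != -1 else cmd.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(exe))

def find_dual_persistence(services, autoruns):
    """Flag executables that are registered both as a service and as a registry autorun."""
    by_path = {}
    for svc in services:
        by_path.setdefault(image_path(svc["path"]), []).append(svc["name"])
    findings = []
    for run in autoruns:
        exe = image_path(run["data"])
        if exe in by_path:
            findings.append({
                "image": exe,
                "services": by_path[exe],
                "autorun": run["key"] + "\\" + run["value"],
                "user_writable": any(p in exe for p in USER_WRITABLE),
            })
    return findings

if __name__ == "__main__":
    for finding in find_dual_persistence(SERVICES, AUTORUNS):
        print(finding)
```

A hit is a lead for triage rather than a verdict; an image that is also in a user-writable directory deserves the closest look.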

Once active, the Cobian RAT will ping the control server and wait for further instructions. The malware supports a wide range of commands that can be used to:

  • Launch a keylogger that records the victim's keystrokes.
  • Grab a screenshot of the desktop or currently active window.
  • Operate the camera or microphone, and transfer the recorded footage to the control server.
  • Browse and modify files.
  • Execute remote commands.
  • Launch a distributed denial-of-service (DDoS) attack by using all active bots.
  • Initialize a remote desktop connection.
  • Use a password-stealing module.

While the Cobian RAT can be a very dangerous problem to deal with, you can rest assured that your PC will be safe as long as you use a reputable anti-malware solution.
