COMpfun

Posted: October 10, 2019

COMpfun is a Remote Access Trojan (RAT) that might be closely related to another RAT that was used by the Turla APT group in cyberattacks against high-value targets in Belarus and Russia. While the Reductor Trojan packs a broader range of features and an innovative method to exploit modern Web browsers, COMpfun is much simpler in terms of functionality. However, it is certainly not a cyber-threat to be underestimated, since it possesses the necessary features to give its operators full control over the compromised computer.

A Five-Year-Old RAT Still Going Strong

The first samples of COMpfun were spotted in the wild in 2014, and the threat has been widely used since then. It packs features typical for Remote Access Trojans:

  • Ability to manage the files on the compromised machine.
  • Upload or download files and launch them.
  • Take screenshots.
  • Initialize a keylogger module and send log files to a Command & Control server periodically.
  • Execute remote commands or PowerShell scripts.

One of the more notable innovations of COMpfun during this period was its use of a COM-hijacking (Component Object Model) technique that was not known beforehand. Thanks to this ability, the COMpfun Trojan was able to stay undetected, since its code would be injected into a legitimate process.
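A defensive check for the class of technique mentioned above, added here as an example and not taken from the original page or from any COMpfun analysis: it reads `reg export` text and flags per-user `InprocServer32` registrations that shadow a machine-wide CLSID with a different DLL. It assumes the common form of COM hijacking (a per-user registration taking precedence over the machine-wide one); the page does not say which form COMpfun used, and the CLSIDs, paths and function names are constructed.

```python
import re

# Section header of a CLSID's InprocServer32 subkey in `reg export` text.
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\CLSID\\(\{[0-9A-F-]{36}\})\\InprocServer32\]$",
    re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # default value stored as REG_SZ

def parse_inproc_servers(reg_text):
    """Return {(hive, clsid): dll_path} for REG_SZ default values."""
    servers, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (m.group(1).upper(), m.group(2).upper()) if m else None
        elif current:
            m = DEFAULT_RE.match(line)
            if m:  # .reg files escape backslashes; undo that
                servers[current] = m.group(1).replace("\\\\", "\\")
    return servers

def find_shadowed_clsids(reg_text):
    """Flag per-user entries that override a machine-wide CLSID's DLL."""
    servers = parse_inproc_servers(reg_text)
    findings = []
    for (hive, clsid), user_dll in sorted(servers.items()):
        machine_dll = servers.get(("HKEY_LOCAL_MACHINE", clsid))
        if (hive == "HKEY_CURRENT_USER" and machine_dll
                and machine_dll.lower() != user_dll.lower()):
            findings.append((clsid, user_dll, machine_dll))
    return findings

# Constructed sample: one shadowed CLSID, one per-user-only CLSID (not flagged).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Roaming\\helper.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\App\\plugin.dll"
"""

if __name__ == "__main__":
    print(find_shadowed_clsids(SAMPLE))
```

Real `reg export` files are UTF-16, so decode them accordingly and concatenate the per-user and machine-wide exports before calling `find_shadowed_clsids`; a hit is a lead to review, since some legitimate software also registers per-user overrides.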

Despite its relatively old age, COMpfun is still strong by today's standards for malware. For example, it was recently used as a first-stage payload meant to introduce the Reductor Trojan to compromised hosts. It is likely that multiple cybercrime groups and individuals are making use of this Remote Access Trojan, but there is good news: every modern antivirus product should be able to identify and eradicate this threat with ease, so make sure to keep your computer protected by a reputable anti-malware tool.