September 29, 2016

DarkComet RAT developer shuts down project

(LiveHacking.Com) – The developer of the DarkComet Remote Administration Tool (RAT) has put an end to the project because of its abuse and use by malware writers. Jean-Pierre LESUEUR posted the announcement on the official site as well as on Twitter and Pastebin.

Once installed on a remote machine, the DarkComet RAT allows a remote “administrator” to completely control the target machine. Its functionality included webcam streaming, desktop streaming, microphone streaming and a keylogger. Because of its effectiveness, it became the preferred tool of malware writers, who would include the RAT as part of their payload. The tool was implicated in many different types of attacks, including attempts to spy on anti-regime activists in Syria.

The tool was designed to be covert and, as the feature list mentioned, it can be used “without disturbing the remote user”. It was capable of reading passwords from web browsers including Google Chrome, Opera and Mozilla Firefox. It could also record video and audio from any attached webcams or microphones.

“I have devoted years with a nonprofit philosophy for you to enjoy without asking anything in return other than respect of the rules, unfortunately some of you couldn’t respect the terms so because of you (generally speaking) made the DarkComet RAT geo cruiser end,” said Jean-Pierre LESUEUR.

It seems as if pressure had been mounting on Jean-Pierre over the misuse of his software. In his statement he added, “so many of you seem to believe I can be held responsible of your actions, and if there is something I will not tolerate is to have to pay the consequences for your mistakes and I will not cover for you.”

Recent changes to laws in various countries have left developers accountable for the misuse of their security tools. In June, for example, the developer of the Blackshades RAT was arrested. However, it is worth noting that Blackshades was developed with malicious intent (unlike DarkComet).

Jean-Pierre re-emphasised his original goal of providing tools for educational purposes and for people who legitimately want to check on a remote machine (for example, parents with their kids).

The official website has been significantly cut down and the tool is no longer available for download. However, two related tools are still available on the site: one to detect any running instance of DarkComet in memory (even packed/compressed/virtualized etc…) and another to extract the data in a DarkComet stub. Fortunately, the source code for DarkComet has never been released, and hopefully the future lack of development will mean its use will wither away.

 
