Top five remote access trojans by Blackhat Pakistan 2023

Today in this article we will know about Top five remote access trojans.

Once a hacker gains initial access to a target computer, the next logical step is to expand and consolidate that position. In the case of a phishing attack, this involves the use of malware to exploit access provided by email.

A common way to spread this bridgehead on a target computer is through Remote Access Trojans (RATs). This type of malware is designed to allow a hacker to remotely control a target computer and provide a level of access similar to that of a remote system administrator. In fact, some RATs are derived from or based on legitimate remote management toolkits.

The primary evaluation criteria for a given RAT is how well they enable the hacker to achieve their goals on the target computer. Different RATs are specialized for certain purposes, but many high-end RATs are designed to provide a large number of functions on a number of different systems.

Also read:Linux for ethical hackers 101 by Blackhat Pakistan

The best RATs[Top five remote access trojans]

There are many different remote access Trojans, and some hackers modify existing ones or develop their own to better suit their preferences. Different RATs are also designed for different purposes, notably with RATs specifically targeting each potential target (desktop versus mobile, Windows versus Apple, etc.).

Comparing different RATs across borders is like comparing apples to oranges. However, some RATs are distinguished from others within their specific areas of expertise.

1. Hacker’s Choice: FlawedAmmyy
   When trying to figure out which variant of malware is most effective, it’s helpful to look at what hackers are actively using. When it comes to RATs, FlawedAmmyy stands out as a clear modern favorite among hackers.

FlawedAmmyy is a RAT that was developed from the leaked source code of the Ammyy Admin remote management software. It has been used in a number of different malware campaigns, but made history in October 2018 when it made CheckPoint’s top 10 malware threat list for the month. This was the first time a RAT made the list and it was the result of an increase in malware campaigns pushing RATs. However, RATs continue to appear in incidents and are used by a number of different hacker groups.

Since it was derived from a legitimate remote management tool, FlawedAmmyy has a number of built-in features. It gives the user the ability to access the file system, take screenshots, and control the microphone and camera.

2. Free and open-source: Quasar
   For those with a free and open-source RAT (to avoid potential backdoors), the Quasar RAT is widely recommended. Quasar is written in C# and is available on GitHub. It was first adopted in July 2014 and has received active updates since then.

Quasar is billed as a lightweight remote management tool that runs on Windows. However, it also has a number of features designed for “employee monitoring” (ie useful for hackers as well). This includes keylogging, the ability to open remote shells, and download executable files. Its many features and high stability (due to frequent updates) make it a popular choice.

3. Mobile access (iOS): PhoneSpector
   In the mobile market, RATs are advertised as solutions to help parents monitor their child’s mobile phone usage or employers to monitor their employees’ use of company devices. There are iOS monitoring apps that do not require the target device to be jailbroken.

One is PhoneSpector, which bills itself as designed to help parents and employers, but behaves like malware. The software can be installed by the device owner clicking the link and entering the product key on their device. It then monitors the device and remains undetectable to the user.

PhoneSpector offers the hacker the ability to monitor a wide range of activities on the device. This includes tracking phone calls and text messages (even those that have been deleted) as well as app activity. PhoneSpector even provides a customer service line in case a hacker gets in trouble.

4. Mobile access (Android): AndroRAT
   Android’s market share and security model mean that more malware has been developed for it. The same goes for Android RATs. However, one of the most famous Android RATs in existence is AndroRAT.

AndroRAT was originally developed as a research project to demonstrate the ability to remotely control Android devices, but has since been adopted by criminals. The original RAT source code is available on GitHub and provides a wide range of features.

Despite the age of the source code (last updated in 2014), AndroRAT continues to be used by hackers. It includes the ability to inject its malicious code into legitimate apps, making it easy for a hacker to release a new malicious app carrying the RAT. Its functionality includes all common mobile RAT features including camera/microphone access, call monitoring and GPS location tracking.

5. RAT for ICS: Havex
   Malware targeting industrial control systems (ICS) is nothing new, big names like Stuxnet and Industroyer are designed to cause physical damage. However, some ICS-targeted malware is aimed at controlling critical infrastructure.

Havex is a universal RAT, but also has components specific to ICS systems. This includes port-focused scanning modules used by Siemens and Rockwell Automation. The malware has also been used in attacks targeting ICS, proving that it is specifically designed to target this sector.

Conclusion: maintain access

Remote Trojans perform an important function for hackers. Most attack vectors, such as phishing, are ideal for delivering payloads to a computer, but do not provide the hacker with the ability to explore and interact with the target environment. RATs are designed to create a foothold on the target computer that gives the hacker the necessary level of control over their target computer.

All five RATs described here excel in their ability to function in a particular environment. A RAT specialized for a target environment is more likely to be able to accomplish its intended task without detection, making it much more valuable as a covert surveillance tool.

Sources

1. October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Top 10 Threats, Check Point
2. FlawedAmmyy Malware Information, Trend Micro
3. QuasarRAT, GitHub
4. androrat, GitHub
5. RATs Come to Android: It’s Scary, But You’re (Probably) Safe, PC Magazine