Nothing is free in this world.
If you are looking for free hacking tools on the Internet, be careful: most of the freely available tools, which claim to be the Swiss Army knife for hackers, are nothing but a scam.
Last year we reported on one such Facebook hacking tool that actually had the ability to hack a Facebook account, but yours, not the one you want to hack.
Now a Cobian RAT (Remote Access Trojan) kit, recently discovered on several free hacker forums, has been found to contain a backdoored module that aims to give the kit's authors access to all victim data.
Named Cobian RAT, the malware has been in circulation since February this year and bears some resemblance to the njRAT and H-Worm malware families, which have existed since at least 2013.
According to researchers at Zscaler's ThreatLabZ, who discovered the backdoored nature of the malware kit, the "malware generator" is likely to allow other wannabe hackers to build their own versions of Cobian RAT with relative ease.
Once criminals create their own malware version with this free generator, they can distribute it to victims across the globe via compromised websites or traditional spam, and can recruit the affected devices into a malicious botnet.
Cobian RAT steals data from the compromised system, with the ability to record keystrokes, take screenshots, record audio and webcam video, install and uninstall programs, run shell commands, use dynamic components, and manage files.
Cyber criminals want to beat hackers
Now, if you're excited to learn that all these features offered by the original authors of the malware creation kit are free, you are mistaken.
Unfortunately, custom RATs created with this free Cobian RAT builder kit have a hidden backdoor module, which silently connects to a Pastebin URL that acts as the kit author's command-and-control (C&C) infrastructure.
The backdoor can be used at any time by the kit's original authors to issue commands to all RATs built on top of their platform, putting at risk both the wannabe hackers and the systems they have compromised.
“It’s ironic that second-tier operators, who make use of this kit to spread malware and steal from the end user, are tricked by the original author,” wrote Desai, senior director of security research at Zscaler, in a post published on Thursday.
“The original author is basically using a crowdsourced model to build a mega botnet that exploits the second-tier operators’ botnet.”
Researchers also explain that Cobian’s original developer is “relying on second-tier operators to build Cobian RAT payload and spread infections”.
The original author can then take full control of all compromised systems across all Cobian RAT botnets, thanks to the backdoor module. They can also remove second-level operators by modifying the C&C server information configured by them.
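A hunting sketch for the behaviour described above, a non-browser process repeatedly fetching the same paste-site URL (added example, not from the original article or from Zscaler's research). The event format, browser allowlist, threshold and every sample line are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions for this sketch: tune all three to your own telemetry.
PASTE_SITES = {"pastebin.com"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
MIN_FETCHES = 3  # repeated polling of one paste looks like C&C check-ins

# Constructed sample events, one per line: "timestamp host process url".
SAMPLE_EVENTS = """\
2030-01-05T09:00:02Z ws-014 chrome.exe https://pastebin.com/EXAMPLE01
2030-01-05T09:01:00Z ws-022 invoice.exe https://pastebin.com/raw/EXAMPLE02
2030-01-05T09:11:00Z ws-022 invoice.exe https://pastebin.com/raw/EXAMPLE02
2030-01-05T09:12:30Z ws-022 invoice.exe https://example.org/index.html
2030-01-05T09:21:00Z ws-022 invoice.exe https://pastebin.com/raw/EXAMPLE02
2030-01-05T09:31:00Z ws-022 Invoice.exe https://www.pastebin.com/raw/EXAMPLE02
2030-01-05T09:40:00Z ws-031 updater.exe https://pastebin.com/raw/EXAMPLE03
2030-01-05T10:00:00Z ws-040 invoice.exe https://pastebin.com/raw/EXAMPLE02
2030-01-05T10:10:00Z ws-040 invoice.exe https://pastebin.com/raw/EXAMPLE02
2030-01-05T10:20:00Z ws-040 invoice.exe https://pastebin.com/raw/EXAMPLE02
2030-01-05T10:30:00Z ws-050
"""

def find_paste_beacons(log_text, min_fetches=MIN_FETCHES):
    """Return (host, process, path, count, first_seen, last_seen) tuples for
    non-browser processes that fetched one paste at least min_fetches times."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or truncated event
        ts, host, process, url = parts
        target = urlsplit(url)
        domain = (target.hostname or "").lower()
        if domain.startswith("www."):
            domain = domain[4:]
        if domain not in PASTE_SITES or process.lower() in BROWSERS:
            continue  # not a paste site, or ordinary browsing
        seen[(host, process.lower(), target.path)].append(ts)
    return sorted(
        (host, proc, path, len(ts), ts[0], ts[-1])
        for (host, proc, path), ts in seen.items()
        if len(ts) >= min_fetches
    )

if __name__ == "__main__":
    for finding in find_paste_beacons(SAMPLE_EVENTS):
        print(finding)
```

Two hosts polling the same paste path from the same binary is the stronger signal here, since every RAT built from one backdoored kit would check in to the same location.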
The researchers noted that a recently observed Cobian RAT payload came from the website of a Pakistan-based defense and telecommunications solutions provider (which was potentially compromised) and was served inside a .zip archive masquerading as an MS Excel spreadsheet file.
Bottom line: Treat free online stuff with great care before using it.