E Security, September 1: Arabic malware programmer Napoleon has released a new RAT (remote access Trojan), "Revenge", and shared it for free on an underground hacker forum.
Napoleon released the first version of Revenge RAT on June 28, when he shared the download link on Dev Point, the Arab hacker forum.
At the time of release, only one of the 54 scanners on VirusTotal detected the new RAT, while more than 40 scanners later detected Revenge v0.1 and identified it as malware.
The first version of Revenge RAT is just a simple tool
Researcher Rui said,
Revenge v0.1 is a simple tool. The developers of the malware did not obfuscate the RAT source code. The researchers do not think this explains why VirusTotal scanners could not immediately identify it as a threat.
Revenge is written in Visual Basic. Compared with similar RATs, there is not much to how it works. Even Napoleon admits that his tool is still in the early stages of development, which is one of the reasons why he offers the RAT free of charge.
Another reason for releasing Revenge may be that he wants to improve his own reputation and that of Revenge.
Revenge version 2 has many functions
On August 21, Napoleon released Revenge RAT v0.2 on another well-known hacker forum. This version of Revenge RAT can still be downloaded for free and has more powerful functions.
The large number of functions added to Revenge, and the willingness to provide them for free, aroused the suspicion of forum users. They began to question whether the RAT was backdoored or infected, but subsequent investigations showed that the software was neither backdoored nor infected.
The latest version of Revenge RAT, which is 20 KB in size, has the following functions: opening a remote shell, starting a Remote Desktop session, interacting with the victim's file manager, managing local OS processes, listing active windows, managing OS services and editing the victim's Windows registry.
Other functions include a victim IP tracker, a keylogger, a clipboard manager, a list of installed programs, a hosts file editor, OS startup management, password dumping, and access to the user's webcam.
Malware coders usually need a year to launch a full-featured RAT. Revenge is currently in its infancy, and future versions will meet the standards of Adwind, Remcos, Ozone, Orcus and other tools.
Future versions will also likely add code obfuscation and anti-analysis protection features to keep security products from flagging them as malware. If the developer has enough time to work on Revenge, the RAT will keep pace with other competing tools.