The DarkComet Remote Access Tool (RAT) is a hacking tool that criminals can use to control a computer from a remote location. It has been used prominently in attacks against political activists in the Middle East, particularly in Syria. Although development of DarkComet has allegedly been halted, it is still being distributed and actively used against political dissidents. One of the latest such attacks comes in the form of AntiHacker, a fake security tool. Advertised as a program to help avoid precisely these kinds of online attacks, AntiHacker is a disguised delivery tool for the DarkComet RAT. If a computer is infected with AntiHacker, the criminals behind this threat can gain complete control over it, including control over its webcam and access to its files. ESG malware analysts warn that AntiHacker is not what it seems, and that computer users in sensitive situations, such as those who are politically active in the Middle East, should be especially careful when downloading and installing any software on their computers.
How AntiHacker Scams PC Users
It is well known that the Syrian government has enlisted the help of hackers in order to uncover and attack political activists. Many people in Syria and other Middle Eastern countries actively seek out software and plug-ins to help them avoid eavesdropping on their online activity. Unfortunately, these same hackers have started to take advantage of this situation by releasing fake security tools, add-ons and plug-ins that are designed to deliver malware to the victim's computer. In 2012, we saw various cases of this happening; commonly distributed on social media networks, these can be disguised as fake security plug-ins for Skype, instant messaging programs or security software suites.
AntiHacker is no exception. It is advertised on a Facebook page that claims to provide tools to help political activists, while doing the complete opposite. This Facebook page contains a link to a website where AntiHacker can be downloaded and installed. Once AntiHacker is installed, hackers can control applications on the infected computer, gain access to personal files and take pictures and video with the infected computer's webcam.
Taking a Look at the AntiHacker Interface
A closer look at the AntiHacker interface shows many typos and grammatical errors that give away its true nature. Because of this, ESG security researchers reiterate the importance of downloading security software only directly from recognized, reputable manufacturers. Criminals will often disguise their malware creations as security tools in order to target those who are most vulnerable.