The Babylon malware is a Remote Access Trojan (RAT) that surfaced on forums on the Dark Web in 2015. The Babylon RAT received several small updates in the following years making it one of the less-known RATs on the Internet that has remained active up to 2019. The Babylon RAT is introduced by, what we suspect is the author, an Internet persona called 'Nogester' on platforms like www.nulled.to and ranger-exploit.com. The 'Nogester' actor advertises the Babylon RAT as an advanced tool with proven high performance and reliability. The Babylon RAT is written using the C++ and the Java programming languages. The client is written in Java, and the command program is written in C++.
Threat actors may deploy the client executable via spam emails, pirated software and exploit kits. Affected users are not likely to notice decreased system performance due to the small size of the client application. Once you are infected, the host sends a POSt request to the command servers including generic system information like the IP address, country of origin, system status, OS type, and version. Also, bot-PCs may be configured to send desktop screenshots on a set interval and update desktop previews in the Babylon RAT control panel. The Babylon RAT supports a wide range of features that are listed below:
- Remote desktop view and remote shutdown.
- Remote PowerShell execution.
- Remote Registry operations.
- Keylogging, audio feed and video feed grabbing using the attached peripherals.
- Formatting the memory drives, uploading files, downloading files to the infected hosts.
- Launching DDoS attacks (Distributed Denial of Service attacks).
- Retrieve passwords in the installed Web browsers (Mozilla Firefox, Google Chrome, Internet Explorer, Edge), email client (Thunderbird, Windows Mail) and Skype.
Compromised users may notice unfamiliar processes in the Task Manager; LED indicators for the Webcam turning on when not using the device; foreign chat windows popping up and disabled AV scanners. You might want to turn your Internet connection off and even unplug the Internet cable for good measure. Then, you can run a security instrument from a USB drive and remove potential threats from your system. Alert names for the Babylon RAT can be found below:
Malware (ai Score=85)