BlackNET RAT Description
Cyber crooks from all around the world are attempting to take advantage of the Coronavirus (COVID-19) pandemic that has gripped the globe. These shady individuals are trying to benefit from people’s fear by offering to provide them with various tools and services that may help them during these testing times.
Malware researchers have recently detected two bogus websites that claim to offer users an anti-virus application that is supposed to protect them from the Coronavirus. This dodgy offer can be found on ‘antivirus-covid19.site’ and ‘corona-antivirus.com.’ It is rather bizarre that the creators of these pages offer a supposed online solution to a real-life virus, and it is not likely that many users will fall for this scam. The fake anti-malware solution is named ‘Corona Antivirus.’
This is nothing more than a scam, as there is no way an online service can provide you with any type of protection against the virus that is plaguing the world. Users who attempt to download the bogus ‘Corona Antivirus’ application will get an executable named ‘update.exe.’ Running this executable deploys a threat called BlackNET RAT (Remote Access Trojan). The source code of the BlackNET malware is available in full on the GitHub platform. Any cyber crook can get access to the BlackNET Trojan’s source code and begin distributing it themselves, which may give this threat a rather wide reach.
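Defenders can check web-proxy logs for the delivery chain described above. The following Python is an added example, not part of the original write-up: the two domains and the file name come from the article, while the log line format and the sample entries are constructed assumptions.

```python
# Added example: flag proxy-log requests to the lure domains named in the article.
from urllib.parse import urlsplit, unquote

# Domains and file name taken from the article text.
LURE_DOMAINS = {"antivirus-covid19.site", "corona-antivirus.com"}
PAYLOAD_NAME = "update.exe"

def is_lure_host(host):
    """True for a listed domain or any subdomain of it, matched on label
    boundaries so a lookalike such as 'notcorona-antivirus.com' is not flagged."""
    host = host.strip().lower().rstrip(".")  # normalise case and trailing dot
    return any(host == d or host.endswith("." + d) for d in LURE_DOMAINS)

def classify(url):
    """Return 'payload', 'visit' or None for one requested URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if not parts.hostname or not is_lure_host(parts.hostname):
        return None
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    return "payload" if filename == PAYLOAD_NAME else "visit"

def scan(lines):
    """Parse 'timestamp client method url status' lines and collect hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        ts, client, _method, url = fields[:4]
        verdict = classify(url)
        if verdict:
            hits.append((ts, client, verdict, url))
    return hits

# Constructed sample log in an assumed format (not real telemetry).
SAMPLE_LOG = [
    "2020-03-24T09:14:02Z 10.0.4.17 GET http://corona-antivirus.com/ 200",
    "2020-03-24T09:14:31Z 10.0.4.17 GET http://Corona-Antivirus.com./download/Update.exe 200",
    "2020-03-24T09:20:10Z 10.0.4.22 GET http://www.antivirus-covid19.site/%75pdate.exe 200",
    "2020-03-24T09:21:45Z 10.0.4.30 GET http://notcorona-antivirus.com/update.exe 200",
    "2020-03-24T09:22:03Z 10.0.4.31 GET https://example.org/corona-antivirus.com 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A 'payload' hit identifies a client that fetched the executable and should be prioritised for triage; a 'visit' hit only shows that the lure page was reached.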
The operators of the BlackNET RAT use a Web-based control panel that lists all the compromised systems that are currently online and allows the attackers to access them freely. This means that the BlackNET Trojan allows the attackers to:
- Collect cookies from the Firefox Web browser.
- Collect saved login credentials from Web browsers.
- Collect cryptocurrency wallets by collecting ‘wallet.dat’ files.
- Take screenshots of the user’s desktop and active windows.
- Execute remote commands.
- Run a keylogging module that collects the user’s keystrokes.
- Use the compromised computers to execute DDoS (Distributed Denial-of-Service) attacks.
- Transfer all the collected data to the server of the attackers.
Countless cyber crooks are using the Coronavirus pandemic to distribute malware or run online scams, so users need to be very wary when browsing the Web. Do not forget to protect your system and your data with the help of a legitimate anti-malware solution.