BlackWorm RAT

The Syrian Malware Team is a hacking group that, as the name suggests, originates from Syria. Judging by the pro-Syrian government sentiments displayed in several of their attacks, it is likely that this is a state-sponsored hacking group. They often go after high-profile targets, which have included CENTCOM and even Forbes.

In Operation for Five Years

One of the hacking tools in the vast arsenal of the Syrian Malware Team is the BlackWorm RAT, a Remote Access Trojan that is among the group's most commonly used tools. The Syrian Malware Team has used the BlackWorm RAT for over five years now and has further weaponized it over this period by introducing a number of updates. It appears that one of the first variants of the BlackWorm RAT was created by a cyber crook with the alias ‘njq8.’ This is a well-known figure in the world of cybercrime, as he is also behind another notorious Remote Access Trojan called Njw0rm. The older version of the BlackWorm RAT’s builder was fairly limited in its capabilities: the only things that could be configured were the port and address used to communicate with the command server. The builder component was later improved: recent releases enable the operator to configure the BlackWorm RAT to terminate certain anti-virus and debugging software, as well as to bypass the User Account Control feature.

Capabilities

Despite not being one of the most feature-rich RATs out there, the BlackWorm RAT has enough capabilities to cause serious damage to a compromised host. This threat is able to:

  • Control Windows processes.
  • Restart the system.
  • Shut down the system.
  • Log out the user from their account.
  • Upload files.
  • Download files.
  • Execute files.
  • Ping compromised systems to determine activity.
  • Close the server.
  • Restart the server.
  • Command the active compromised systems to perform DDoS (Distributed Denial-of-Service) attacks.
  • Block mouse input.
  • Block keyboard input.
  • Disable tools used to manage the Windows Registry or running processes.
  • Disable anti-virus applications.
  • Contact the victim via a message box.
  • Display a video meant to startle the victim using a ‘hror’ command.

In the beginning, the BlackWorm RAT was only employed by the cybercriminals in the Syrian Malware Team group, but they have since made it publicly available, and now anyone with malicious intent can get their hands on this Trojan. Make sure you download and install a reputable anti-virus software suite to keep your system safe from threats like the BlackWorm RAT.
