BlackWorm RAT Description
The Syrian Malware Team is a hacking group that, as the name suggests, originates from Syria. Judging by the pro-Syrian government sentiments displayed in several of their attacks, it is likely that this is a state-sponsored hacking group. They often go after high-profile targets, among them CENTCOM and even Forbes.
In Operation for Five Years
One of the hacking tools in the vast arsenal of the Syrian Malware Team is the BlackWorm RAT, a Remote Access Trojan that is among the group's most commonly used tools. The Syrian Malware Team has used the BlackWorm RAT for over five years now and has further weaponized it over this period by introducing a number of updates. It appears that one of the first variants of the BlackWorm RAT was created by a cyber crook with the alias ‘njq8.’ He is well known in the world of cybercrime, as he is also behind another notorious Remote Access Trojan called Njw0rm. The older version of the BlackWorm RAT’s builder was fairly limited in its capabilities: the only things that could be configured were the port and address used to communicate with the command server. The builder component was later improved; recent releases enable the operator to configure the BlackWorm RAT to terminate certain anti-virus and debugging software, as well as to bypass the User Account Control feature.
Despite not being one of the most feature-rich RATs out there, the BlackWorm RAT has enough capabilities to cause serious damage to a compromised host. This threat is able to:
- Control Windows processes.
- Restart the system.
- Shut down the system.
- Log out the user from their account.
- Upload files.
- Download files.
- Execute files.
- Ping compromised systems to determine activity.
- Close the server.
- Restart the server.
- Command the active compromised system to perform DDoS (Distributed Denial-of-Service) attacks.
- Block mouse input.
- Block keyboard input.
- Disable tools used to manage the Windows Registry or running processes.
- Disable anti-virus applications.
- Contact the victim via a message box.
- Display a video meant to startle the victim using a ‘hror’ command.
In the beginning, the BlackWorm RAT was only employed by the cybercriminals in the Syrian Malware Team group, but they have since made it publicly available, and now anyone with malicious intent can get their hands on this Trojan. Make sure you download and install a reputable anti-virus software suite to keep your system safe from threats like the BlackWorm RAT.