BlackWorm RAT

BlackWorm RAT Description

The Syrian Malware Team is a hacking group, which, as the name suggests, originates from Syria. Judging by their pro-Syrian government sentiments displayed in several of their attacks, it is likely that this is a state-sponsored hacking group. They often go after high-profile targets among which were CENTCOM and even Forbes.

In Operation for Five Years

One of the hacking tools in the vast arsenal of the Syrian Malware Team is the BlackWorm RAT. This is Remote Access Trojan, which is one of the most commonly used hacking tools by the Syrian Malware Team. The BlackWorm RAT has been used by the Syrian Malware Team for over five years now, and the hacking group has further weaponized it over this period by introducing a number of updates. It appears that one of the first variants of the BlackWorm RAT was a creation of a cyber crook with the alias ‘njq8.’ This is a well-known face in the world of cybercrime as he is also behind another notorious Remote Access Trojan called Njw0rm. The older version of the BlackWorm RAT’s builder was fairly limited in its capabilities. The only things that could be configured were the port and address used to communicate with the command server. The builder component saw some improvements in the future - recent releases enable the operator to configure the BlackWorm RAT to terminate certain anti-virus and debugging software, as well as to bypass the User Account Control feature.


Despite not being one of the most features-rich RATs out there, the BlackWorm RAT has enough capabilities to cause some serious damage to the compromised host. This threat is able to:

  • Control Windows processes.
  • Restart the system.
  • Shut down the system.
  • Log out the user from their account.
  • Upload files.
  • Download files.
  • Execute files.
  • Ping compromised systems to determine activity.
  • Close the server.
  • Restart the server.
  • Command the active compromised system to perform a DDoS (Distributed-Denial-of-Service) attacks.
  • Block mouse input.
  • Block keyboard input.
  • Disable tools used to manage the Windows Registry or running processes.
  • Disable anti-virus applications.
  • Contact the victim via a message box.
  • Display a video meant to startle the victim using a ‘hror’ command.

In the beginning, the BlackWorm RAT was only employed by the cybercriminals in the Syrian Malware Team group, but they have since made it available publicly, and now any shady individuals with unsafe intent can get their hands on this Trojan. Make sure you download and install a reputable anti-virus software suite to keep your system safe from threats like the BlackWorm RAT.

Do You Suspect Your PC May Be Infected with BlackWorm RAT & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like BlackWorm RAT as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.