Malware developers often borrow portions of code from other projects to make their work a bit easier and implement ready-to-use features without doing much coding. This is exactly what the authors of CinaRAT have done – they used the source code of QuasarRAT to set up the core functions of their product, and both of these threats share similar features. What is odd is that the CinaRAT software is not presented as a program used for unsafe purposes – the authors say that it is a free and easy-to-use remote administration tool, and there is no hint of harmful intent. However, taking a closer look at CinaRAT’s features reveals an entirely different story.
Usually, popular Remote Administration Tools offer remote desktop, chat session, screenshot capture and access to the other party’s audio. In addition, all of these permissions are granted only with the other party’s approval. CinaRAT offers many more features but, more importantly, it can work silently and disguise itself as a legitimate system process, which allows it to operate stealthily on the compromised computer. Once CinaRAT has been set up, it provides its operator with access to numerous features that allow them to:
- Manage files.
- Access Windows features like the Registry Editor, Command Prompt, Task Manager and Windows Explorer.
- Upload and launch files on the compromised system (it may be used to plant malware).
- Recover saved passwords from Web browsers and FTP software – typical behavior for info stealers.
- Log the user’s keystrokes (may be used to monitor conversations and collect login credentials).
- Initialize hidden Web browser sessions on the infected computer.
This is just a partial list of the actions that CinaRAT is capable of, and it seems like no one would use this tool unless they plan to wreak havoc and collect potentially valuable information.
The scariest part about software like this is that it is free and comes with detailed instructions on how to get it up and running – this gives even non-tech-savvy users the ability to use this particular hacking tool. Thankfully, since CinaRAT is a public project, you can rest assured that having an up-to-date anti-virus application installed will keep you safe from this Remote Access Trojan.