COMpfun is a RAT (Remote Access Trojan) that belongs to the Turla hacking group and was first detected around 2014. The Turla APT (Advanced Persistent Threat) is believed to be a group of Russian individuals that are likely to be sponsored by the Kremlin (but this information is yet to be confirmed). The Turla hacking group tends to target high-profile individuals/organizations located in Russia and Belarus. The Turla APT has an impressive arsenal of hacking tools, and if you compare the COMpfun RAT to another one of their threats, the Reductor Trojan, you will see that the latter is far more threatening and complex. However, the COMpfun RAT is not to be estimated either as it can still enable the attackers to hijack a system and gain complete control over it.
Some of the features of the COMpfun RAT include:
- Capturing screenshots of the desktop and tabs of the compromised system.
- Uploading files.
- Downloading files.
- Executing files.
- Managing files.
- Running a keylogger that is programmed to send the collected data to the attackers over certain periods of time.
- Executing PowerShell scripts.
- Executing remote commands.
As we mentioned, the COMpfun RAT was first spotted in 2014, and at that time, this threat was rather innovative as it employed COM-hijacking (Component Object Module). This capability allowed the COMpfun RAT to remain under the radar of anti-malware tools as it injects itself into legitimate processes running on the system.
Despite the COMpfun RAT being somewhat outdated in the current year, it is safe to assume that it is still circulating the Web and claiming victims. However, anti-virus applications have developed greatly since 2014, and any reputable security solution will be able to detect and wipe off the COMpfun RAT from your system.