Security researcher warns on remote administration tools (RATs)

Krebs cites a McAfee blog from last week that included details about a cross-platform RAT called IncognitoRAT and which, because it is Java based, can also run under Linux, Mac and Windows.

After researching the new RAT software, Krebs says that IncognitoRAT has actually been around since last year, when it was found being used to remotely control a Mac system.

"The kit also includes an app that allows customers to control botted systems via jailbroken iPhones", he said, adding that Incognito now ships with an app that lets customers control infected computers from an iPhone.

The YouTube video, he says, is a little blurry, but if you view it full-screen and watch carefully, you will see a sequence in the video that shows how the RAT can be used to send email alerts to the attacker.

"The person making this video is using Gmail; we can see a list of his Gchat contacts on the left; and his IP address at the bottom of the screen. That IP traces back to a Sympatico broadband customer in Toronto, Canada, which matches the hometown displayed in the YouTube profile where this video was hosted", he says in his latest security blog.

Krebs goes on to say that a Gmail user called `Carlo Saquilayan' is included in the Gchat contacts visible in the video.

"The IncognitoRAT kit is sold on a English-language script kiddie hacker forum called by `Mr. Incognito', but acquaintances on the forum refer to him as `Carlo.' Carlo describes himself on HackForums as a 19-year-old college student", he said.

"He did not respond to repeated requests for comment. Anyway, so much for going incognito: This Facebook account belongs to a Carlo Saquilayan from Toronto, Ontario, and includes a nice picture of a young man in sunglasses and a leather jacket", he added.



What’s hot on Infosecurity Magazine?