Nothing is free in this world.
If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax.
Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.
Now, a Remote Access Trojan (RAT) builder kit that was recently spotted on multiple underground hacking forums for free found containing a backdoored module that aims to provide the kit’s authors access to all of the victim’s data.
Dubbed Cobian RAT, the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm family of malware, which has been around since at least 2013.
According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the “free malware builder” is likely capable of allowing other wannabe hackers to build their own versions of the Cobian RAT with relative ease.
Once the criminals create their own version of malware using this free builder, they can then effectively distribute it via compromised websites or traditional spam campaigns to victims all over the world and is capable of recruiting affected devices into a malicious botnet.
The Cobian RAT then steals data on the compromised system, with the capability to log keystrokes, take screenshots, record audio and webcam video, install and uninstall programs, execute shell commands, use dynamic plug-ins, and manage files.
Cyber Criminals Want to Hack Wannabe Hackers
Now, if you get excited by knowing that all these capabilities offered by the original authors of the malware builder kit are free as they claim, you are mistaken.
Unfortunately, the custom RATs created using this free Cobian RAT malware builder kit has a hidden backdoor module, which silently connects to a Pastebin URL that serves as the kit authors’ command-and-control (C&C) infrastructure.
The backdoor, at any time, can be used by the original authors of the kit to issue commands to all RATs built on the top of their platform, eventually putting both wannabe hackers and compromised systems infected by them at risk.
“It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author,” Deepen Desai, senior director of security research at Zscaler, wrote in a blog post published Thursday.
“The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators Botnet.”
The researchers also explain that the original Cobian developer is “relying on second-level operators to build the RAT payload and spread infections.”
The original author then can take full control of all the compromised systems across all the Cobian RAT botnets, thanks to the backdoor module. They can even remove the second-level operators by changing the C&C server information configured by them.
A recently observed unique Cobian RAT payload by the researchers reportedly came from a Pakistan-based defence and telecommunication solution website (that was potentially compromised) and served inside a .zip archive masquerading as an MS Excel spreadsheet.
The bottom line: Watch out the free online stuff very carefully before using them.