Symantec defines emerging cyber threat – Remote Access Trojans, and provides best practice tips
Many consumers stick a piece of tape over the webcam on their laptop. They have heard the stories about people being spied on through their own computer, or being blackmailed with embarrassing or incriminating footage recorded from a compromised webcam without their knowledge. These stories are true, and taking precautions against this kind of activity is justified.
Remote access Trojans (RATs), or what Symantec is calling creepware, are programs installed without the victim's knowledge that give an attacker access to, and control over, the compromised computer from a remote location.
What is creepware
The acronym RAT is commonly used for software that lets someone control a computer from a remote location. Depending on context it stands for Remote Access/Administration Tool or Remote Access/Administration Trojan.
The difference between a remote access tool and a remote access Trojan is not capability but consent: the Trojan is installed secretly and used for malicious purposes. Many remote access tools exist for legitimate reasons, such as technical support or connecting to a home or work computer while travelling. Unfortunately, the same features that make these tools useful are equally useful to an attacker, and a great deal of malware has been written with exactly this in mind; these programs are the remote access Trojans. Once a Trojan is installed on a victim's computer it can give the attacker almost complete control of it.
What’s the big deal
While creepware was once relatively rare, its use is unfortunately becoming more common. Its users range from those who make money through extortion and fraud to those who use it for what they see as harmless fun or pranking, otherwise known as trolling.
Creepware users may not see, or care about, the damage they cause. There are plenty of cases where innocent people have fallen prey to creepware and been left traumatized, or worse, by their attackers.
Attackers can threaten to post stolen or recorded content online, and if this threat is carried out the victim’s reputation can be permanently damaged. The effects of this type of harassment and cyberbullying in general are long lasting and can even lead to suicide. Creepware, it would seem, is a cyberbully’s ideal tool.
What can creepware do
Creepware programs, such as Pandora RAT, give an attacker access to the following items on a compromised computer:
- Files
- Processes
- Services
- Clipboard
- Active network connections
- Registry
- Printers
Some programs also allow an attacker to:
- Remotely control the compromised desktop
- Take screenshots
- Record webcam footage
- Record audio
- Log keystrokes
- Steal passwords
- Download files
- Open Web pages
- Display onscreen messages
- Play audio messages using the text-to-speech function
- Restart the compromised computer
- Hide the taskbar
- Hide desktop icons
- Cause system failure/blue screen of death
Creepware has many different uses including:
- Voyeurism: Attackers use the victim's webcam and/or microphone to secretly record them.
- Information/file stealing: Information such as banking details or passwords and files such as pictures and videos can be copied or deleted.
- Blackmail: Pictures or videos stolen from the computer, or recorded using the webcam, are used to force the victim into posing for explicit pictures or videos, or into paying the attacker.
- Trolling: The attackers use creepware to cause the computer to behave strangely by opening pornographic or shocking websites, displaying abusive messages, or in some cases causing system damage all for their amusement.
- Abuse of the computer's resources: Compromised computers can be used to carry out distributed denial of service (DDoS) attacks, mine bitcoin, or perform any other task where it benefits the attacker to spend the victim's bandwidth and processing power rather than their own.
What can users do to protect themselves
The following methods may be used to infect computers with creepware:
- Drive-by downloads: By merely visiting a website, the user unknowingly downloads the creepware onto their computer.
- Malicious links: Links leading to websites hosting drive-by downloads are distributed through social media, chat rooms, message boards, spam email, and so on. The attacker may also compromise user accounts so that the link appears to come from a friend, or post enticing messages to lure victims into clicking.
- Exploit kits: Potential victims may visit compromised websites or click on malicious links and are then redirected to the exploit kit’s server where a script runs that will determine what exploits can be leveraged. If an exploit is viable, the victim is infected with the creepware and the attacker is notified.
- Peer-to-peer file-sharing/torrents: The creepware server installer is bundled with a file, usually a popular program or a game crack, and shared on a file-sharing site. (In RAT terminology the "server" is the component that runs on the victim's computer; the attacker operates the "client".) Once the bundled file is executed, the creepware server module is installed.
To stay protected against creepware, Symantec recommends users to:
- Keep antivirus definitions, operating systems, and software up to date, including the browser and its plug-ins, since these are what exploit kits probe for.
- Avoid opening emails from unknown senders and clicking on suspicious email attachments.
- Exercise caution when clicking on enticing links sent through email, instant messages, or posted on social networks.
- Only download files from trusted and legitimate sources.
- Be suspicious of unexpected webcam activity, such as the indicator light turning on when no application should be using the camera. When you are not using the webcam, keep its shutter closed; if it has no shutter, cover it with a piece of tape. Remember that tape blocks only the camera: a RAT that is already installed can still use the microphone and log keystrokes, so covering the lens is a last line of defence, not a substitute for keeping the machine clean.
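As an added example (not Symantec's code and not part of the original article), the following script turns the advice about unexpected webcam activity into a concrete check on Linux. It assumes a Linux host with a readable /proc: every open file descriptor of a process appears as a symlink under /proc/<pid>/fd/, and a webcam is exposed as /dev/video<N>, so any process holding a descriptor that resolves to such a node currently has the camera open. The device-matching logic is kept in a pure function so it can be exercised on a constructed sample without touching the live system; the sample process list and PIDs are made up for illustration.

```python
"""Added example: list processes that currently hold a video-capture device open.

Linux-only. Not Symantec's code; a constructed illustration for this page.
"""
import os
import re
from typing import Dict, Iterable, List, Tuple

# Webcam nodes on Linux are /dev/video0, /dev/video1, ...
DEVICE_PATTERN = re.compile(r"^/dev/video\d+$")


def find_device_users(fd_targets: Dict[int, Iterable[str]],
                      pattern: "re.Pattern" = DEVICE_PATTERN) -> List[Tuple[int, str]]:
    """Pure helper: given {pid: [symlink targets]}, return sorted (pid, device)
    pairs for every descriptor that resolves to a matching device node.
    A process holding the same device twice is reported once."""
    hits = set()
    for pid, targets in fd_targets.items():
        for target in targets:
            # If a USB camera was unplugged while still held, /proc appends
            # " (deleted)" to the target; strip it so the node still matches.
            target = target.split(" (deleted)")[0]
            if pattern.match(target):
                hits.add((pid, target))
    return sorted(hits)


def read_fd_targets(proc_root: str = "/proc") -> Dict[int, List[str]]:
    """Walk <proc_root>/<pid>/fd and resolve each symlink.

    Without root, other users' processes raise PermissionError; they are
    skipped rather than aborting the scan, so an unprivileged run only
    sees the current user's processes."""
    result: Dict[int, List[str]] = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return result
    for name in entries:
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        targets: List[str] = []
        for fd in fds:
            try:
                targets.append(os.readlink(os.path.join(fd_dir, fd)))
            except OSError:
                continue  # descriptor closed between listdir and readlink
        result[int(name)] = targets
    return result


def process_name(pid: int, proc_root: str = "/proc") -> str:
    """Short command name from /proc/<pid>/comm, or '?' if unreadable."""
    try:
        with open(os.path.join(proc_root, str(pid), "comm")) as f:
            return f.read().strip()
    except OSError:
        return "?"


def webcam_users(proc_root: str = "/proc") -> List[Tuple[int, str, str]]:
    """(pid, name, device) for every process holding a /dev/video* node open."""
    return [(pid, process_name(pid, proc_root), dev)
            for pid, dev in find_device_users(read_fd_targets(proc_root))]


# Constructed sample (not captured from a real system): what read_fd_targets()
# might return when a video-chat app (pid 4242) and an unknown process
# (pid 31337) both hold the camera, while an interactive shell (pid 1001) does not.
SAMPLE_FD_TARGETS = {
    1001: ["/dev/pts/0", "/dev/pts/0", "/dev/pts/0", "socket:[12345]"],
    4242: ["/dev/video0", "/dev/snd/pcmC0D0c", "socket:[99887]"],
    31337: ["/dev/video0", "/dev/video0", "/tmp/.x (deleted)", "pipe:[5551]"],
}

if __name__ == "__main__":
    print("constructed sample:", find_device_users(SAMPLE_FD_TARGETS))
    for pid, name, dev in webcam_users():
        print(f"live: pid {pid} ({name}) has {dev} open")
```

Run it when the webcam indicator comes on unexpectedly; anything listed that is not a program you knowingly started deserves a closer look. The `pattern` parameter lets the same scan cover the microphone: ALSA capture devices appear as `/dev/snd/pcmC<card>D<dev>c`, so passing `re.compile(r"^/dev/snd/pcmC\d+D\d+c$")` reports processes recording audio. The check is point-in-time only: a RAT that opens the camera just long enough to grab a frame will not be caught by a scan run while it is idle, which is why the advice above still favours a physical shutter.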
Computers play an important role in our lives, and the idea that such a ubiquitous tool could be turned against us to invade our privacy is a disturbing one. While creepware is capable of causing a great deal of damage, the defensive steps above go a long way towards keeping you protected. With up-to-date security software and some basic good habits, we can all keep the creeps out of our computers.