Security researchers at BlackBerry have recently reported a new RAT dubbed DarkCrystal RAT (also known as DCRat), a specifically designed and actively maintained remote access Trojan.
A large number of cybercriminal groups are offering this RAT at dirt-cheap prices, which makes it widely accessible to both professional criminal groups and beginners.
Although this remote access Trojan (RAT) appears to have been created by just one individual, it is an impressively effective handmade tool for gaining access to systems on a low budget.
A two-month subscription to this backdoor costs about 500 rubles, which is less than 5 pounds or 6 dollars. When special promotions are running, the price can sometimes dip even lower.
It is evident that the author is not particularly motivated by profits, which makes the price range a curious feature.
DCRat is a commercial Russian backdoor that was initially released in 2018 and then redesigned and relaunched a year later. A single person appears to be behind the development and maintenance of this threat, using the pseudonyms presented below:-
The DCRat product consists of three components:-
DCRat is a full-featured backdoor written in .NET. Third parties can develop plugins to extend the tool's functionality further, using a dedicated IDE called DCRat Studio, developed by affiliates.
The flexibility of DCRat’s modular architecture and custom plug-in framework makes it exceptionally handy for use in a range of nefarious activities.
This includes the following things:-
A two-month license for the trojan starts at 500 RUB ($5), which is the standard price for general use. The further prices are mentioned below:-
An analysis conducted by Mandiant in May 2020 traced the RAT's hosting infrastructure to "files.dcrat[.]ru", but at present the malware is hosted on a different domain, "crystalfiles[.]ru".
The crystalfiles website has no complex interface and is intended to serve as a download point only. Clients and potential clients will find no other information or resources on the site.
Among the vectors that DCRat uses to spread throughout a host are:-
Moreover, the further capabilities of this RAT include:-
Apart from this, all DCRat marketing and sales activity is carried out through the Russian hacking forum lolz[.]guru. Some pre-sales queries are also handled through this same portal.