The Arabic-speaking malware developer Napoleon has released a new version of the Remote Access Trojan (RAT) called Revenge. It is being distributed free of charge via underground hacker communities.
Revenge Could Be Used in the Next Major Cyber Attack
The first version of the Revenge malware was released on June 28 on a famous hacker forum that is visited mainly by Arabic-speaking users. When the RAT emerged, only one of the 54 virus scanners on VirusTotal was able to detect it. Since then, virus definitions for the majority of security software have been updated to include Revenge.
The first iteration is a simple piece of malware written in Visual Basic that isn’t as feature-rich as some of its competitors. The newer version, which was released on another hacker forum, is more formidable. Revenge v0.2 can open a shell for remote access and execution of arbitrary code, interact with the file manager of the victim machines and even manage services controlled by the operating system.
The RAT can track the victim’s IP address, log keystrokes and monitor the clipboard. Revenge can also access the user’s webcam and take videos and snapshots of the users.
Security experts note that such advanced features usually take a few years to develop into a single package. Even at such an early stage of development, the Trojan already has a lot of functions that can be used against victims. Subsequent versions of the malware may pose an even bigger danger.
Likely updates include code obfuscation and anti-analysis protection to shield the infection from antivirus and anti-malware tools.