DCRat, an actively maintained malware, is available for sale at cheap prices on Russian hacking forums to professional and amateur cybercriminal groups.
DCRat on hacking forums
Researchers from BlackBerry claim that DCRat is the work of a lone threat actor. It is a surprisingly effective malicious tool for opening backdoors on targeted victims’ machines on a small budget.
- It is written in .NET by an individual codenamed ‘crystalcoder’ and ‘boldenis44.’
- The RAT is a full-featured backdoor whose functionalities are further augmented by third-party plugins created by affiliates using DCRat Studio, an Integrated Development Environment (IDE).
- Further, the author used JPHP with a Russian IDE named DevelNext to develop the RAT’s administration tool.
- Distribution vectors include Cobalt Strike Beacons and Prometheus TDS, a subscription-based crimeware-as-a-service used to spread different payloads.
The price of the RAT starts from 500 RUB ($5) for a two-month license, 2,200 RUB ($21) for a year, and 4,200 RUB ($40) for a lifetime subscription. According to the posts on forums, these prices may be reduced during special promotions.
The RAT was first released in 2018; version 3.0 followed on May 30, 2020, and version 4.0 was launched on March 18, 2021.
- All DCRat sales and marketing are done on the lolz[.]guru forum, which handles some of the pre-sales queries as well.
- A Telegram channel, with about 2,847 subscribers, is actively used for communication and sharing details regarding software and plugin updates.
- Additionally, an implant is used to gather system metadata, support surveillance, perform reconnaissance, steal information, and perform DDoS attacks, among others.
DCRat’s code is improved and maintained on a regular basis, and the tool is available at affordable prices. Thus, the RAT could be used by any novice cybercriminal. As for protection, always install a reliable anti-malware solution.