Symantec has warned against remote access Trojans, programmes that are installed on a user’s computer without their knowledge and allow attackers to access and control them from remote locations.
The difference between remote access tools and remote access Trojans is that the latter is installed secretly and used for malicious purposes.
There are many remote access tools, which are used for legitimate reasons such as technical support or connecting to a home or work computer while travelling.
The same useful features found in remote access tools can be used for malicious activity and a great deal of malware has been designed with this in mind.
Once these Trojans are installed on a victim’s computer they can allow an attacker to gain almost complete control of it.
“While there was a time when the use of creepware was relatively rare, it is now unfortunately becoming more common,” Symantec said. “Users of creepware can range from those who make money from extortion and fraud to those using the software for what they see as harmless fun or pranking, otherwise known as trolling.
“Unfortunately, creepware users may not see, or care about, the damage that can be caused by creepware. There are plenty of cases where innocent people have fallen prey to creepware and have been left traumatised or worse by their attackers.”
Creepware programmes, such as Pandora RAT, allow an attacker to gain access to files, processes, services, clipboard, active network connections, registry, and printers on a compromised computer.
Attackers can threaten to post stolen or recorded content online, and if this threat is carried out the victim’s reputation can be permanently damaged. The effects of this type of harassment and cyberbullying in general are long lasting and can even lead to suicide. Creepware, it would seem, is a cyberbully’s ideal tool.
Some programmes also allow an attacker to take screenshots; record webcam footage; record audio; log keystrokes; steal passwords; download files; open web pages; display onscreen messages; play audio messages using the text-to-speech function; restart the compromised computer; hide the taskbar; hide desktop icons; cause system failure/blue screen of death.
“Often consumers stick a piece of tape over the webcam on their laptop. Many have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams. These stories are true, and precaution against this type of activity is necessary,” Symantec says.
Symantec says that drive-by downloads, malicious links, exploit kits and peer-to-peer file-sharing are the main causes of RATs.
Drive-by downloads attack a user when they visit a visit, and unknowingly download the creepware onto their computer, while malicious links are often distributed through social media.
Exploit kits see potential victims visit compromised websites which then redirect them to the exploit’s server kit, where a script runs that will determine what exploits can be leveraged.
Creepware finds its way into files that are available on file-sharing websites, usually popular programmes or game cracks.
Symantec advises users to Keep antivirus definitions, operating systems, and software up-to-date, and avoiding opening emails from unknown senders and clicking on suspicious email attachments.
It also suggests exercising caution when clicking on links sent through email, instant messages, or posted on social networks. It advocates downloading files only from trusted and legitimate sources, and keeping webcam shutters closed when not in use.
