A new Remote Access Trojan (RAT), named Revenge, was released by an Arabic malware developer, going by the name Napoleon. Napoleon is currently freely spreading his product via underground hacking forums.
The RAT`s first version was published on June 28th in the Arabic hacking forum, Dev Point, from where users could download it for free. When it was first published, only 1 of all 54 VirusTotal`s scanners was able to detect it. Now, however, more than 40 of the scanners mark it as malicious.
As the security researcher, Rui says, Revenge v1 was a simple tool, written in Visual Basic, and its code was not obfuscated at all. Knowing this, researchers were even more surprised by the fact the VirusTotal`s scanners didn’t manage to flag it right away.
Unlike other similar RATs, Revenge didn’t have many working features. Its author even said that the RAT is still a work in progress and that’s why he was offering it for free. It is also possible that Napoleon wanted to build a reputation for him and his product before starting to offer it in exchange for money.
Two months after the v1 was released, on August 21st, Revenge v2 was available in another much more popular underground hacking forum. It had a lot more powerful features, compared to v1, but it was also offered for free.
This very much rose the forum`s members suspicion and they started to think Revenge was somehow infected or backdoored. However, after a following investigation on the RAT, they were proven wrong.
Revenge v2 is 20kb in size and has a lot of abilities, including starting remote desktop sessions, interacting with the victims` file manager, opening a remote shell, listing active windows. The RAT also features the ability to edit the victim’s Windows Registry, to manage the OS services, to list installed programs and to access the user’s webcam.
The Revenge RAT v2 includes other features as well, such as a keylogger, a host file editor, a password dumper, a clipboard manager, an OS startup management feature and a victim IP tracker.
Normally, it takes a year for a hacker to create a fully developed working RAT. Even though Revenge is still in its very first steps of development, its future versions may turn out to be a competition of such famous RATs like Ozone, Adwind, Orcus or Remcos.
Researchers also expect these future versions to include code obfuscation and anti-analysis protection so anti-malware products wouldn’t pick it up as a threat.
