Lost Door RAT Gets Distributed Via Facebook, YouTube And Blogspot

Over the past nine years, the Tunisian hacker OussamiO has been distributing his Remote Access Trojan (RAT) via adverts on the Dark Web and famous networks like Facebook, YouTube and Google’s Blogspot.

According to Trend Micro security experts, OussamiO created the Lost Door RAT in 2007, and he hasn’t shied away from advertising his software on the public Internet, unlike many of his fellow malware developers who prefer keeping their operations hidden.

The main point of operation for OussamiO’s activity is his Blogspot blog, where he posts about new Lost Door versions, upcoming updates, usage tricks and tutorial videos, which he brazenly hosts on YouTube.

Apart from the Dark Web adverts on underground hacking forums from Brazil, China, and Russia, the hacker is very active on Facebook, where he runs his own page.

If anyone wants to buy his malware, they have to get in contact with him via email, either Yahoo or Gmail. The price of the RAT is not publicly available; however, similar tools sell for between $10 and $50 depending on their capabilities.

When it comes to the RAT itself, Trend Micro claims that it might be difficult for security solutions to detect its activity, considering the way it operates.

Lost Door arrives with a builder, meaning that anyone who buys it gets a number of options for creating malware that looks and operates uniquely. Besides, detection of the RAT is made more difficult by the way it hides traffic.

“Lost Door leverages the routers’ Port Forward feature, a tactic also used by DarkComet. By abusing this feature, a remote attacker can gain access to the server side of a private network whether at home or in an office,” the team of Trend Micro said.

“This also means that any malicious traffic or communication can be passed off as normal/internal, thereby helping attackers mask their C&C address, since the server side does not directly connect to it.”

After Lost Door is deployed, a hacker would get the chance to access files, download and upload content from the computer, install and run any type of software, access webcam streams, log keystrokes, and virtually take control over the entire OS.

According to OussamiO, he has tested his RAT on all major Windows versions, from XP up to Windows 10. However, what is more interesting here is the fact that neither Facebook nor Google has erased the hacker’s public pages yet.
