The Zscaler ThreatLabZ research team has spotted a new remote access Trojan (RAT) family called Cobian RAT that contains a backdoor module, which retrieves command and control (C&C) information from a predetermined URL that is controlled by the original author.Â
According to the Zscaler report, the RAT builder for this family was discovered as a free offering in cybercriminal underground forums and had similarities to the njRAT/H-Worm family, thus potentially built from leaked njRAT code.
The original author appears to use a crowdsourcing model for building a “mega Botnet” through second level operators Botnet via the backdoor module.