Researchers from Blackberry have discovered a redesigned remote access trojan DCRat that a lone cyber criminal is now offering as a homemade tool for opening “backdoors on a budget.”
Also known as DarkCrystal RAT, DCRat was first released in 2018 as a commercial Russian backdoor that was re-launched in 2019.
Blackberry said that likely a single person (also going by names “boldenis44,” “crystalcoder,” and “Coder”) developed the effective homemade tool DCRat.
“Sold predominantly on Russian underground forums, DCRat is one of the cheapest commercial RATs we’ve ever come across,” Blackberry wrote in a blog post.
“The price for this backdoor starts at 500 RUB (less than 5 GBP/US$6) for a two-month subscription, and occasionally dips even lower during special promotions. No wonder it’s so popular with professional threat actors as well as script kiddies.”
According to Blackberry, DCRat consists of three primary components: a stealer/client executable, a single PHP page (used as command-and control endrpoint or interface), and an administrative tool.
Readers can check out more detail in the report regarding DCRat, to include indicators of compromise, the malware build, the author, the admin tool, and more.