Egyptian Hacker Uses njRAT Codebase to Create KillerRat — The RAT goes completely hidden upon scanning.

A new Remote Access Trojan/RAT has been created by an Egyptian hacker, which is so powerful that it lets hackers run their operations with advanced spying powers and without getting identified.

The most interesting is that the old structure of the njRAT toolkit has been used to create this new powerful Trojan dubbed as KillerRat.

Thus, this new spying tool is just a refurbished version of the njRAT spyware (click here to read what is a njRAT) but with highly enhanced spying powers.

That is so because njRAT’s spying powers could only target Android devices and could not access Windows-based devices. On the other hand, KillerRat has been designed specifically with one aspect in mind, that is, to take over Windows PCs.

hacker-develops-undisputed-killerrat-to-spy-on-windows-pcs
ESET, the only AV who found the RAT file infected / Image Source: Alien Vault

AlienVault, a cyber security vendor, identified this new spyware and conducted an in-depth analysis of the threat and confirmed that KillerRat shares codebase of njRAT.

AlienVault is of the opinion that KillerRat has amazing spying capabilities and allows attackers to interact with the local filesystem, local processes and local registry of the victim along with executing shell commands on the targeted PC.

Moreover, Vault observed that KillerRat can steal passwords from the victim’s browser, enable keylogging function, activate webcam and record real-time feed on the victim’s PC, initiate a remote desktop session and use the victim’s PC as a proxy device for their network traffic.

KillerRat can also launch DDoS attacks and open a webpage in the user’s browser along with running custom scripts and infecting the PC with numerous other malware.

That is not all; KillerRat is also capable of transmitting the collected data to a command and control server.

As per AlienVault’s analysis, this new spyware has only been detected only by one antivirus firm out of 35.

Another notable aspect is that the creator of KillerRat did not keep his identity hidden and, in fact, has left his real name and link to his personal Facebook page in the About section of KillerRat.

KilerRat_1-down
Screenshot shows the RAT’s ability to perform several operation without detection / Image Source: Ibrahim’s Facebook Profile

When we followed that link, we landed on the Facebook profile page of Ahmed Ibrahim.

From Ibrahim’s timeline on Facebook, we acquired the information that KillerRat V4.0.1 was released on Oct 30 whereas its previous versions were also released the same month, v3.1.6 on Oct 23 and v2.9.6 on Oct 18.

Also revealed was the fact that apart from KillerRat, Ibrahim is working on another tool called Wedges Worm.

At HackRead, our security writers have been reporting on the dangers of Remote Access Trojan (RAT) which sits behind your OS, records and send the sessions to the attacker.

One report that shock the readers was about the Canadian couple who had their laptop camera hacked with the help of RAT and recorded each and everything they did in their room.

However, KillerRat is not the only RAT making it to the news this month. A week ago, researchers discovered OmniRAT with the ability to hack Mac, Linux, Windows PC and even the Android Phones.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.