DarkComet RAT Flames Out

The author of DarkComet, one of the more notorious remote administration tools in use today, has said that he is ending development and sales of the tool after finding out that DarkComet was used by the Syrian government in attacks against anti-government activists. 

The author of DarkComet, one of the more notorious remote administration tools in use today, has said that he is ending development and sales of the tool after finding out that DarkComet was used by the Syrian government in attacks against anti-government activists. 

DarkComet is one of a handful of commercially available RATs, many of which are advertised as benign tools for use by administrators to control remote machines. But many of the tools of course are used by attackers to compromise and control victims’ machines as part of targeted attacks or other campaigns. DarkComet most recently was named as the tool being used by people inside the Syrian government to keep tabs on citizens who were anti-government activists.

That episode, apparently, has put a bad taste in the mouth of DarkcoderSC, the pseudonymous developer who created DarkComet. In a message posted on his site, the DarkComet author said that the use of his RAT for malicious purposes by hacking groups was a major factor in his decision to kill DarkComet and some of his other similar projects. 

“Unlike what a handful of people think i never cautioned small/huge hacker groups who used my software wrongly, my goals always where to provide acces to tools more powerful than any paying/private existing tool in terms of security and all for free!” he said in his statement.

“Why did i take such decision? Like it was said above because of the misuse of the tool and unlike so many of you seem to believe i can be held responsible of your actions, and if there is something i will not tolerate is to have to pay the consequences for your mistakes and i will not cover for you.”

Privacy advocates and watchdog groups warned months ago about the use of various versions of DarkComet in attacks against activists. Some of the attacks were disguised as downloads of Skype encryption.

In the meantime, this application installs the DarkComet remote access tool on your computer. DarkComet allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, and steal passwords from your computer,” the EFF said in a blog post at the time of the anti-government attacks.

The end of life for DarkComet is a piece of good news in the fight against malware and attack tools, but people looking for software to use in attacks won’t have much trouble finding similar tools to use. Other toolkits such as Gh0stRAT, Shady RAT and Poison Ivy all are available in various places and there always are others for sale on the underground, as well.

Suggested articles