Trojan that Supports Windows 8

Friday, November 2, 2012 @ 11:11 AM gHale

While some anti-virus vendors have problems with Microsoft’s newest operating system, the cyber crime community has already jumped on the Windows 8 bandwagon.

In one case, on a Google-hosted site, someone can pay almost $52 for a “Remote Administration Tool” called Xtreme RAT, which is already Windows-8-compatible and comes with a free update.

The list of built-in functions makes it clear the developers were not offering a tool for simple administration of remote computers. Among other functions, the tool includes a keylogger that can store recorded keystrokes on any FTP server, and it can capture passwords from all major browsers.

Xtreme RAT can also transmit the screen contents to the “admin” and tap webcams and microphones. The developer advertises that his tool can trick Data Execution Prevention (DEP) and that the latest version works with crypters, which are special programs that change executable files to impede detection by antivirus software.

In a virtual machine test run by security researchers at heise Security, the Xtreme RAT server software ended up immediately quarantined by Windows Defender. At VirusTotal, the RAT ended up detected by 38 of the 43 virus scanners, but for an additional $130 the developer is offering a “Fully Undetectable” (FUD) version, which promises to get by virus scanners.

A report by Trend Micro found users whose computers were hit with the RAT might not always completely agree with it. Xtreme RAT was part of a cyber attack against the Israeli police which forced all police computers temporarily offline.
