The developers behind a commodity remote-access tool (RAT) that allows full control of a victim’s computer have been taken down by Australian and global authorities.

The Imminent Monitor RAT (IM-RAT) first appeared in 2012, the work of a developer going by the handle of “Shockwave,” according to researchers at Palo Alto Networks’ Unit 42 division. The RAT was sold via a company calling itself “Imminent Methods.”

IM-RAT was advertised as “the fastest remote administration tool ever created using new socket technology that has never been used before,” and Unit 42 said that it offered full remote-desktop access. That included the ability to access files, processes, Windows manager, Windows Registry and the clipboard, and the ability to run commands from the command bar. It was licensed to each customer for a $25 fee.

Shockwave claimed that the RAT was a legitimate remote-desktop utility, but Unit 42 researchers pointed out that some of its features directly contradicted that assertion. For instance, one of the RAT’s plugins allows users to turn the webcam light off while monitoring. Another version (3.0) of Imminent Monitor introduced the ability to run a cryptocurrency miner on the victim machine. Also, the keylogger keeps its activities encrypted and hidden from the desktop owner.

“A crypter, allowing a ‘Fully UnDetectable’ (FUD) client, only has one purpose: To attempt to evade antivirus detection,” according to Unit 42’s analysis, posted Monday. Still, “we at Imminent Methods are not…
