orcus-rat-feature-image

Is Popular Remote Admin Tool Actually a Remote Access Trojan

Security expert and leading investigative journalist Brian Krebs, in collaboration with security professional Daniel Gallagher, has recently discovered that a popular remote administration tool known as “Orcus RAT” is actually exhibiting the sort of behavior which is generally associated with a remote access trojan – a nasty piece of malware. [RAT: Wikipedia]

Brian tells the story of suspicions surrounding the Orcus RAT software and how he uncovered the identity of the developer –  trust me, it is an enlightening read:

krebs on security

Far too many otherwise intelligent and talented software developers these days apparently think they can get away with writing, selling and supporting malicious software and then couching their commerce as a purely legitimate enterprise. Here’s the story of how I learned the real-life identity of Canadian man who’s laboring under that same illusion as proprietor of one of the most popular and affordable tools for hacking into someone else’s computer.

Earlier this week I heard from Daniel Gallagher, a security professional who occasionally enjoys analyzing new malicious software samples found in the wild. Gallagher said he and members of @malwrhunterteam and @MalwareTechBlog recently got into a Twitter fight with the author of Orcus RAT, a tool they say was explicitly designed to help users remotely compromise and control computers that don’t belong to them.

The author of Orcus — a person going by the nickname “Ciriis Mcgraw” a.k.a. “Armada” on Twitter and other social networks — claimed that his RAT was in fact a benign “remote administration tool” designed for use by network administrators and not a “remote access Trojan” as critics charged. Gallagher and others took issue with that claim, pointing out that they were increasingly encountering computers that had been infected with Orcus unbeknownst to the legitimate owners of those machines.

Scroll to Top