RAT scurries through Skype, bites Syrian activists

By

BlackShades Remote Access Tool monitors keystrokes, drops malware, and takes screenshots.

A new remote access trojan (RAT) that contains surveillance capabilities is targeting anti-regime activists in Syria, the site of continuing violent conflicts.

RAT scurries through Skype, bites Syrian activists

Known as BlackShades, the tool was distributed via instant messages from hacked Skype accounts.

The attackers were  luring dissidents into installing the malware by pretending to be a trusted contact on Skype and encouraging them to download a .pif file that claims to be an important video, according to The Citizen Lab, a research group based at the University of Toronto which studies the cross between cyber security and human rights.

Once installed, the tool drops malicious programs that can remotely log keystrokes and take screenshots, according to the Electronic Frontier Foundation, a nonprofit digital advocacy group that coordinated with The Citizen Lab on the discovery.

"Evidence suggests that this campaign is being carried by the same pro-Syrian-government hackers responsible for the fake YouTube attack we reported in March, which lured Syrian activists in by advertising pro-opposition videos, stole their YouTube login credentials by asking them to login before leaving a comment, and installed surveillance malware disguised as an Adobe Flash Player update," the EFF's Eva Galperin and Morgan Marquis-Boire wrote in a blog post on Tuesday.

The post said that removing the trojan may not necessarily eliminate the threat because the attackers may have installed additional malicious code while they had control of the victim's machine.

"EFF urges Syrian activists to be especially cautious when downloading files over the internet, even in links that are purportedly sent by friends," Galperin and Marquis-Boire wrote. "As members of the Syrian opposition become more savvy in using encryption, satellite networks, and other tools to evade the Assad regime's extensive internet surveillance capabilities, pro-Syrian-government malware campaigns have increased in frequency and sophistication."

Opposition activists in Syria have been regularly targeted by malware this year, namely the Dark Comet RAT.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
blackshadeshackingmalwareratsecurity

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?