Categories: NewsSecurity

Cobian Remote Access Trojan Has a Nasty Backdoor

Whenever cybercriminals offer free tools to the rest of the world, one always needs to be suspicious. The new Cobian Remote Access Trojan, for example, is provided free of charge on underground hacking forums. However, it comes with a backdoor that aims to provide the original developer access to all of the victim’s data. This is a very sneaky way of letting others do the dirty work. The Cobian RAT has been in circulation since February of this year, although it is unclear how much information has been collected so far.

The Cobian RAT is a Poisoned Apple

You should never look a gift horse in the mouth, though it wouldn’t hurt to conduct your own research anyway. This is especially true when someone tries to provide you with free software to conduct nefarious activities without asking for anything in return. Nothing in life is truly free. If the advertised tool is indeed as harmful as the developer claims, there is no real reason for him or her to share it with the rest of the world without asking money for it. The

Cobian RAT is seemingly capable of letting others build their own malware with relative ease. Unfortunately, it also leaves something behind in all of those creations.

This “free malware builder’ allows other users to create their own versions of the Cobian RAT with custom settings. It is similar to how most ransomware-as-a-service toolkits operate. Once a criminal uses this free builder to develop his or her own malware, they can effectively distribute it to victims all over the world. The main objective is to steal and compromise data on target devices. Unfortunately for the people creating their own RATs, their newly-created malware also connects to a Pastebin URL under the control of the original developer.

Through this Pastebin URL, the developer can issue new commands to all RATs built on top of the original platform. So far, it seems over 4,000 systems have been infected with Cobian RAT types that are not the original code. Research seemingly indicates that two people have access to this Pastebin URL as of now. These individuals are the original Cobian developer and the person distributing the customized

Related Post
RAT. All of the collected data from victims’ computers are exposed to these two individuals as well. Indeed, these cybercriminals let others do their dirty work for them.

Luckily, it appears the Cobian RAT is not without its flaws. There are several bugs, and some features which just do not work whatsoever. That is pretty unusual for a malware focusing on logging information first and foremost. For one, any computer user who types above the average speed will be somewhat safe from harm. That’s because the keylogger is incapable of capturing all of the keystrokes correctly, which is not a positive sign for anyone looking to utilize this code. It may also explain why Cobian is offered for free.

Additionally, it appears there has not been too much interest in Cobian so far. Researchers have not noticed any of these versions in the wild other than a few individual infections related to this keylogger. When the malware was delivered successfully, it was distributed through a compromised website. Compromising websites and update servers has also become a popular way to distribute ransomware lately.

For all of its shortcomings, Cobian is still a threat to be reckoned with. It is not all that different from what its competitors provide to the masses, even though it has a few bugs and a backdoor. All of the standard malware features one would expect to find are present in Cobian. Now that the backdoor has been exposed, however, it is believed very few criminals will show any interest in Cobian moving forward. After all, no one wants to risk exposing data to other criminals.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

28 mins ago

Llama 3.2 Predicts Price For Dogecoin: $2 Peak By 2025 And $5 Rally For DTX Exchange This Winter

Cryptocurrency trends are keen on the forecast that was recently released by Llama 3.2 model…

1 hour ago

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

3 hours ago

Early ENS Investor Transfers $2.47M To Binance Amid Upcoming Token Unlocks

An early investor linked to the $ENS token recently transferred 154,000 ENS tokens, valued at…

3 hours ago

Wintermute’s Memecoin Strategy: BABYDOGE Ranks Among Top 3 Holdings

In a surprising turn, $BABYDOGE has climbed to the top three in Wintermute’s memecoin holdings…

3 hours ago

$Pnut’s Meteoric Rise: How A Tragic Squirrel Inspired A Memecoin Sensation

The $Pnut memecoin recently soared past a $120 million market cap, creating unexpected wealth for…

3 hours ago