Categories: NewsSecurity

Cobian Remote Access Trojan Has a Nasty Backdoor

Whenever cybercriminals offer free tools to the rest of the world, one always needs to be suspicious. The new Cobian Remote Access Trojan, for example, is provided free of charge on underground hacking forums. However, it comes with a backdoor that aims to provide the original developer access to all of the victim’s data. This is a very sneaky way of letting others do the dirty work. The Cobian RAT has been in circulation since February of this year, although it is unclear how much information has been collected so far.

The Cobian RAT is a Poisoned Apple

You should never look a gift horse in the mouth, though it wouldn’t hurt to conduct your own research anyway. This is especially true when someone tries to provide you with free software to conduct nefarious activities without asking for anything in return. Nothing in life is truly free. If the advertised tool is indeed as harmful as the developer claims, there is no real reason for him or her to share it with the rest of the world without asking money for it. The

Cobian RAT is seemingly capable of letting others build their own malware with relative ease. Unfortunately, it also leaves something behind in all of those creations.

This “free malware builder’ allows other users to create their own versions of the Cobian RAT with custom settings. It is similar to how most ransomware-as-a-service toolkits operate. Once a criminal uses this free builder to develop his or her own malware, they can effectively distribute it to victims all over the world. The main objective is to steal and compromise data on target devices. Unfortunately for the people creating their own RATs, their newly-created malware also connects to a Pastebin URL under the control of the original developer.

Through this Pastebin URL, the developer can issue new commands to all RATs built on top of the original platform. So far, it seems over 4,000 systems have been infected with Cobian RAT types that are not the original code. Research seemingly indicates that two people have access to this Pastebin URL as of now. These individuals are the original Cobian developer and the person distributing the customized

Related Post
RAT. All of the collected data from victims’ computers are exposed to these two individuals as well. Indeed, these cybercriminals let others do their dirty work for them.

Luckily, it appears the Cobian RAT is not without its flaws. There are several bugs, and some features which just do not work whatsoever. That is pretty unusual for a malware focusing on logging information first and foremost. For one, any computer user who types above the average speed will be somewhat safe from harm. That’s because the keylogger is incapable of capturing all of the keystrokes correctly, which is not a positive sign for anyone looking to utilize this code. It may also explain why Cobian is offered for free.

Additionally, it appears there has not been too much interest in Cobian so far. Researchers have not noticed any of these versions in the wild other than a few individual infections related to this keylogger. When the malware was delivered successfully, it was distributed through a compromised website. Compromising websites and update servers has also become a popular way to distribute ransomware lately.

For all of its shortcomings, Cobian is still a threat to be reckoned with. It is not all that different from what its competitors provide to the masses, even though it has a few bugs and a backdoor. All of the standard malware features one would expect to find are present in Cobian. Now that the backdoor has been exposed, however, it is believed very few criminals will show any interest in Cobian moving forward. After all, no one wants to risk exposing data to other criminals.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Crypto Presale: DEBO Takes the Spotlight as DOGE, SHIB, and WIF Slide

DOGE, SHIB, and WIF have experienced significant declines in their prices recently. For example, DOGE…

4 mins ago

Sunday Surge Incoming! The 5 Best Crypto to Buy Now for Massive Weekend Profits!

It’s beginning to look like altcoins (TOTAL3) are going absolutely wild, with a bullish fractal…

10 mins ago

Litecoin and Solana Investors Turn to 1Fuel as a Top Contender for the Next Crypto Bull Run

Litecoin (LTC) and Solana (SOL) had pretty average performances throughout 2024 before finally regaining their…

15 mins ago

Dogecoin Faces Decline as 1Fuel’s Cross-Chain Utility Captures Smart Money

Dogecoin, the largest memecoin and one of the top cryptocurrencies by market cap has slowed…

21 mins ago

5 Reasons Why Remittix (RTX) Is Being Called the Best Crypto Presale to Buy Now

Remittix’s revolutionary PayFi solution is taking the DeFi market by storm. Remittix allows users to…

30 mins ago

Polygon and Bitcoin Cash Are ‘Dinosaurs’: High Upside Potential Pushes DTX Exchange on Top  

The blockchain revolution has been fueled by a combination of early adopters and hopeful neophytes,…

36 mins ago