Dark Track

Darktrack received some publicity in late 2016 for being a free Remote Access Trojan (RAT) that was comparable to some of the top commercially available RATs. Darktrack has the ability to access a victim's webcam, microphone, files, and passwords. It can also execute commands on infected machines, and make infected computers participate in DDoS attacks.

Researchers were surprised by the robustness of the malware considering the price point. Unlike other free pieces of malware, Darktrack seemed to be functional, stealth, and was not back-doored by the creator of the malware.

Following this publicity, the creator of the malware shut down the website, citing concerns that the tool was being used as malware or for illegal activities.

Fast-forward to May 2017, Darktrack version 5.0 was used in a targeted spearphishing attack on the Ukrainian military. Like many spearphishing attacks, the malware pretends to be a Microsoft Word document. However, once opened, it would inject the malware into the svchost.exe process on the victim's computer and display a decoy document to distract the user.

Enabling the TSCritical targets to your user policy will add protection against Darktrack to your ThreatSTOP DNS and IP Firewall Services. If you do not have a ThreatSTOP account Sign up to try a demo. 

If you do have a ThreatSTOP account, instructions to add targets to DNS or IP Firewall policies are available on the ThreatSTOP Documentation Hub, or contact our Support team.