42-year-old man Arrested For Hacking More than 2,000 Computers From 50 countries With DarkComet RAT

A 42-year-old arrested by Ukraine police for infecting thousands of computer from 50 countries around the world using DarkComet RAT.

Ukraine police found an modified administrator version of the RAT installed on his computer and he distributed the client version of RAT.

DarkComet RATDarkComet RAT

The DarkComet RAT is capable of providing complete remote access to the infected computers, keystroke logging, file system access, spy on webcam, microphone, clipboard monitor, disable OS features, steal passwords and take screenshots.

The first version of DarkComet released in 2008 and now at version 4, it is a popular tool used by cybercriminals to gain remote access over the compromised machines. It is an all-in-one administration tool.

Ukraine cyberpolice specialists detected that an administrator-panel installed on his computer contains access to the computer infected by the RAT, its installation files, and controls to take a screenshot of victim machines.

How to Check That you are Infected – DarkComet RAT

Ukraine police provided instructions of how to check for the infection

Press the Windows key and R to bring the command

Type cmd and hit enter

In your command prompt type netstat -nao and enter, it will display active TCP connections, ports, and the process ID for each connection.

In the list of connection check for the connection to host 193.53.83.233 on port 1604 or 81.

If you find any connection with specified IP address then you will be infected with DarkComet RAT campaign, to mitigate victims would reinstall operating systems, use an antivirus or can contact information security professions for recovery.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Dark Web Hosting Provider Got Hacked, 6,500+ Sites Including Root Account Deleted From Server

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

3 minutes ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

8 minutes ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

15 minutes ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

20 minutes ago

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

1 hour ago

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default…

1 hour ago