Categories: Computer SecurityCyber CrimeCyber Security News

42-year-old man Arrested For Hacking More than 2,000 Computers From 50 countries With DarkComet RAT

A 42-year-old arrested by Ukraine police for infecting thousands of computer from 50 countries around the world using DarkComet RAT.

Ukraine police found an modified administrator version of the RAT installed on his computer and he distributed the client version of RAT.

The DarkComet RAT is capable of providing complete remote access to the infected computers, keystroke logging, file system access, spy on webcam, microphone, clipboard monitor, disable OS features, steal passwords and take screenshots.

The first version of DarkComet released in 2008 and now at version 4, it is a popular tool used by cybercriminals to gain remote access over the compromised machines. It is an all-in-one administration tool.

Ukraine cyberpolice specialists detected that an administrator-panel installed on his computer contains access to the computer infected by the RAT, its installation files, and controls to take a screenshot of victim machines.

How to Check That you are Infected – DarkComet RAT

Ukraine police provided instructions of how to check for the infection

Press the Windows key and R to bring the command

Type cmd and hit enter

In your command prompt type netstat -nao and enter, it will display active TCP connections, ports, and the process ID for each connection.

In the list of connection check for the connection to host 193.53.83.233 on port 1604 or 81.

If you find any connection with specified IP address then you will be infected with DarkComet RAT campaign, to mitigate victims would reinstall operating systems, use an antivirus or can contact information security professions for recovery.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Dark Web Hosting Provider Got Hacked, 6,500+ Sites Including Root Account Deleted From Server

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: computer securitycyber crimeCyber Security NewsDarkComet RAT
6 years ago

Recent Posts

Google’s SafetyCore App Secretly Scans All Photos on Android Devices

Recent revelations about Google’s SafetyCore app have ignited a firestorm of privacy debates, echoing Apple’s…

2 hours ago

New “nRootTag” Attack Turns 1.5 Billion iPhones into Free Tracking Tools

Security researchers have uncovered a novel Bluetooth tracking vulnerability in Apple’s Find My network –…

3 hours ago

Authorities Arrested Hacker Behind 90 Major Data Breaches Worldwide

Cybersecurity firm Group-IB, alongside the Royal Thai Police and Singapore Police Force, announced the arrest…

4 hours ago

Cisco Nexus Vulnerability Allows Attackers to Inject Malicious Commands

Cisco Systems has issued a critical security advisory for a newly disclosed command injection vulnerability…

7 hours ago

New Wi-Fi Jamming Attack Can Disable Specific Devices

A newly discovered Wi-Fi jamming technique enables attackers to selectively disconnect individual devices from networks…

7 hours ago

GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts

GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that…

9 hours ago