Categories: Computer SecurityCyber CrimeCyber Security News

42-year-old man Arrested For Hacking More than 2,000 Computers From 50 countries With DarkComet RAT

A 42-year-old arrested by Ukraine police for infecting thousands of computer from 50 countries around the world using DarkComet RAT.

Ukraine police found an modified administrator version of the RAT installed on his computer and he distributed the client version of RAT.

The DarkComet RAT is capable of providing complete remote access to the infected computers, keystroke logging, file system access, spy on webcam, microphone, clipboard monitor, disable OS features, steal passwords and take screenshots.

The first version of DarkComet released in 2008 and now at version 4, it is a popular tool used by cybercriminals to gain remote access over the compromised machines. It is an all-in-one administration tool.

Ukraine cyberpolice specialists detected that an administrator-panel installed on his computer contains access to the computer infected by the RAT, its installation files, and controls to take a screenshot of victim machines.

How to Check That you are Infected – DarkComet RAT

Ukraine police provided instructions of how to check for the infection

Press the Windows key and R to bring the command

Type cmd and hit enter

In your command prompt type netstat -nao and enter, it will display active TCP connections, ports, and the process ID for each connection.

In the list of connection check for the connection to host 193.53.83.233 on port 1604 or 81.

If you find any connection with specified IP address then you will be infected with DarkComet RAT campaign, to mitigate victims would reinstall operating systems, use an antivirus or can contact information security professions for recovery.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Dark Web Hosting Provider Got Hacked, 6,500+ Sites Including Root Account Deleted From Server

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: computer securitycyber crimeCyber Security NewsDarkComet RAT
6 years ago

Recent Posts

GitLab Patches HTML Injection Flaw Leads to XSS Attacks

GitLab has announced the release of critical security updates for its Community Edition (CE) and…

4 hours ago

Xerox Printers Vulnerable to Remote Code Execution Attacks

Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable…

6 hours ago

Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance…

7 hours ago

Google Patches Multiple Chrome Security Vulnerabilities

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious…

8 hours ago

Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635…

1 day ago

Threat Actors Allegedly Selling Database of 1,000 NHS Email Accounts

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has…

1 day ago