42-year-old man Arrested For Hacking More than 2,000 Computers From 50 countries With DarkComet RAT

A 42-year-old arrested by Ukraine police for infecting thousands of computer from 50 countries around the world using DarkComet RAT.

Ukraine police found an modified administrator version of the RAT installed on his computer and he distributed the client version of RAT.

The DarkComet RAT is capable of providing complete remote access to the infected computers, keystroke logging, file system access, spy on webcam, microphone, clipboard monitor, disable OS features, steal passwords and take screenshots.

The first version of DarkComet released in 2008 and now at version 4, it is a popular tool used by cybercriminals to gain remote access over the compromised machines. It is an all-in-one administration tool.

Ukraine cyberpolice specialists detected that an administrator-panel installed on his computer contains access to the computer infected by the RAT, its installation files, and controls to take a screenshot of victim machines.

How to Check That you are Infected – DarkComet RAT

Ukraine police provided instructions of how to check for the infection

Press the Windows key and R to bring the command

Type cmd and hit enter

In your command prompt type netstat -nao and enter, it will display active TCP connections, ports, and the process ID for each connection.

In the list of connection check for the connection to host 193.53.83.233 on port 1604 or 81.

If you find any connection with specified IP address then you will be infected with DarkComet RAT campaign, to mitigate victims would reinstall operating systems, use an antivirus or can contact information security professions for recovery.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Related Read

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Dark Web Hosting Provider Got Hacked, 6,500+ Sites Including Root Account Deleted From Server