
Who’s Behind the RevCode WebMonitor RAT


The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-developing the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

At issue is a program called “WebMonitor,” which was designed to allow users to remotely control a computer (or multiple machines) via a Web browser. The makers of WebMonitor, a company in Sweden called “RevCode,” say their product is legal and legitimate software “that helps companies and personal users handle the security of owned devices.”

 

But critics say WebMonitor is far more likely to be deployed on “pwned” devices, or those that have been surreptitiously hacked. The software is broadly classified as malware by most antivirus companies, likely thanks to an advertised feature list that includes dumping the remote computer’s temporary memory; retrieving passwords from dozens of email programs; snarfing the target’s Wi-Fi credentials; and viewing the target’s Webcam.

In a writeup on WebMonitor published in April 2018, researchers from security firm Palo Alto Networks said that the product has often been advertised on underground hacking forums, and that its developers promoted several qualities of the software likely to appeal to cybercriminals seeking to secretly compromise PCs.

For example, RevCode’s website touted the software’s compatibility with all “crypters,” software that can encrypt, obfuscate and manipulate malware to make it harder for antivirus programs to detect. Palo Alto also noted that WebMonitor includes the option to suppress any notification boxes that may pop up while the RAT is being installed on a computer.

RevCode maintains it is a legitimate company officially registered in Sweden that obeys all applicable Swedish laws. A few hours of searching online turned up an interesting record at Ratsit AB, a credit information service based in Sweden. That record indicates RevCode is owned by 28-year-old Swedish resident Alex Yücel.

In February 2015, a then 24-year-old Alex Yücel pleaded guilty in a U.S. court to computer hacking and to creating, marketing and selling Blackshades, a RAT that was used to compromise and spy on hundreds of thousands of computers. Arrested in Moldova in 2013 as part of a large-scale, international takedown against Blackshades and hundreds of customers, Yücel became the first person ever to be extradited from Moldova to the United States.

Yücel was sentenced to 57 months in prison, but according to a record for Yücel at the U.S. Federal Bureau of Prisons, he was released on Nov. 1, 2016. The first advertisements in hacker forums for the sale of WebMonitor began in mid-2017. RevCode was registered as an official Swedish company in 2018, according to Ratsit.

Until recently, RevCode published on its Web site a value added tax (VAT) number, an identifier used in many European countries for value added tax purposes. That VAT number — first noted by the blog Krabsonsecurity.com (which borrows heavily from this site’s design and banner but otherwise bears no relation to KrebsOnSecurity.com) — has since been removed from the RevCode Web site and from historical records at The Internet Archive. The VAT number mentioned in that record is registered to Alex Yücel and matches the number listed for RevCode by Ratsit AB.

Yücel could not be immediately reached for comment. But an unnamed person responded to an email sent to the customer support address listed on RevCode’s Web site. Presented with the information and links referenced above, the person responding wrote, “nobody running for/with RevCode is in any manner associated with BlackShades. Anything else suggesting otherwise is nothing but rumors and tries to degrade our organization via defamation.”

The person responding from the RevCode support email address contended that the Alex Yücel listed as the owner of the company was not the same Alex Yücel convicted of co-authoring Blackshades. However, unless the Ratsit record is completely wrong, this seems unlikely to be true.

According to the Ratsit listing, the Alex Yücel who heads RevCode currently lives in a suburb of Stockholm, Sweden with his parents Can and Rita Yücel. Both Can and Rita Yücel co-signed a letter (PDF) in June 2015 testifying to a New York federal court regarding their son’s upstanding moral character prior to the younger Yücel’s sentencing for the Blackshades conviction, according to court records.
