CAMBRIDGE, MA – July 9, 2014 – Akamai Technologies, Inc. (NASDAQ:AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the company’s Prolexic Security Engineering & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises to a high-risk threat of stealth surveillance and computer hijacking attacks by the Blackshades Remote Administration Tool (RAT) crimeware kit. Malicious actors may use the Blackshades RAT to launch executables, monitor audio and video, run webcams, capture screens, and log keystrokes on infected machines. The advisory is available for download from Prolexic (now part of Akamai) at www.prolexic.com/blackshades.
“Blackshades RAT is a relatively new and very powerful crimeware kit that can expose confidential information as the user works,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “It’s like having someone watch over the user’s shoulder without their knowledge. In addition, the malicious actor can use the infected computers to run malicious programs and even lock users out of their own files.”
Recent focus of the FBI
Blackshades is among the most popular RATs in the criminal underground as it provides an ample list of crimeware features. The surveillance feature mimics the capabilities of legitimate software with the unfortunate advantage that its victims are unaware that they are sharing the information. Webcam and screen capture provide tangible data about the victim, and keylog data can provide access to sensitive information in real time as it is typed.
Malicious actors may seek to monetize the information they gain from spying on their victims with Blackshades RAT. The value of this information varies depending on the targeted victim’s reputation, level of income, place of work or membership in an organization. Recent incidents covered by the media involved blackmail and extortion of the victims, some of whom were famous personalities. U.S. officials have announced the arrest of more than 90 individuals allegedly connected to the Blackshades RAT operation, but the threat remains.
Enterprises and individuals need to take defensive measures
Blackshades RAT payloads can be difficult to detect, and therefore challenging to mitigate. Furthermore, a typical infection consists of a multi-stage attack, where the victim is tricked into downloading a file, which will subsequently download and execute the actual Blackshades payload. Due to these effective infection techniques, enterprises and individuals must practice diligence while browsing the Internet, reading emails and using other web-based applications prone to drive-by attacks.
Once the Blackshades RAT server payload has infected a system, it typically goes through several stages. One stage is stealth, where the RAT tries to leave the smallest footprint possible on the infected system. The next stage is establishing persistence, which allows the malware to survive system reboots. Once stealth and persistence are attained, a multitude of illegitimate capabilities become available to the malicious actor.
Get the Blackshades RAT Threat Advisory to learn more
In the advisory, PLXsert shares its analysis and details about Blackshades RAT, including:
- Recent history of remote access tools
- Indicators of infection
- How it works
- How it persists, including its anti-kill feature
- Remote access capabilities, including surveillance and keylogging
- Recommended mitigation, including a YARA rule
A complimentary copy of the threat advisory is available for download at www.prolexic.com/blackshades.
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with first class reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.