Ukrainian cyber police arrest hacker who gained a foothold on 2,000 users’ devices using DarkComet malware
Ukrainian cyber police reported the arrest of a 42-year-old resident of Lviv. Police officers also stressed that approximately 2,000 people from 50 countries around the world were infected with the DarkComet malware.
DarkComet appeared in 2008 and was at first a legal tool for remote administration. However, attackers soon recognized its powerful spying capabilities and adapted the tool for their own needs, turning DarkComet into a multifunctional remote access trojan (RAT).
In 2012, the original developer dropped the project, but virus writers picked up his idea, and DarkComet-based malware is still actively used by numerous attackers around the world. Sometimes the same strategies are found even in the arsenals of "governmental" hacker groups.
DarkComet is a classic RAT threat: it installs a "client" module on the infected machine, which then sends the collected data to a "server" module, that is, to the administrative panel. DarkComet also includes a keylogger (keystroke monitoring), clipboard monitoring, utilities for working with the network, and the ability to remotely shut down and restart the computer. In addition, the malware can take screenshots, intercept sound from a microphone and video from integrated or external cameras, steal documents and passwords from local apps, delete apps, install additional malware on the infected device, disable various OS functions, and a host of other things.