A RAT is a Remote Access Tool.
But a RAT can also be a Remote Access Trojan, when in the hands of cybercriminals trying to spy on innocent users, or steal information for financial gain.
Long term readers of this site will be familiar with NanoCore, a modular RAT sold and supported via the underground hacking site HackForums.net.
It was NanoCore that was served up on 500 publishers’ websites (including The Economist) after PageFair’s anti-ad-blocking tool was hacked.
It was NanoCore that was distributed via a malicious email campaign sent to oil and gas firms in Asia and the Middle East in 2015, posing as a message from a legitimate South Korean energy company.
As Bleeping Computer reports, an Arkansas man has now been sent to prison after he was found guilty of aiding and abetting online criminals by creating and selling the NanoCore RAT.
27-year-old Taylor Huddleston, of Hot Springs, Arkansas, pleaded guilty last year and has now been sentenced to 33 months in prison with two years of supervised release.
That’s despite the fact that he was not accused of using the malware in any attacks himself.
The waters are further muddied by the fact that while Huddleston tried to earn money developing and selling the NanoCore RAT, others pirated his program and offered cracked versions available for download on the internet to others who were too stingy to pay the original author $25.
Nonetheless, the prosecutors’ argument was that Huddleston developed the NanoCore RAT knowing full well that customers intended to use it for unauthorised and illegal computer intrusions, “and, at all times, acted with the purpose of furthering and aiding and abetting these unauthorised and illegal computer intrusions and causing them to occur.”
Presumably it was also difficult for Huddleston to argue that NanoCore was not developed with malicious intent when it contained the ability to log keypresses, steal passwords saved on victims’ computers, and surreptitiously activate the webcam. In addition, it was shown that NanoCore could be augmented with third-party modules that provided ransomware and DDoS (distributed denial-of-service) features.
After Huddleston pleaded guilty to the charges, his defence team argued for a lenient sentence of up to six months in prison:
“Mr. Huddleston understands and accepts that he broke the law by marketing… NanoCore on a website frequented by users who would likely use the programs for malicious purposes. Mr. Huddleston knows that he has no one to blame but himself, and is prepared to serve the sentence this Court finds appropriate. His actions before and after his arrest illustrate his sincere remorse and dedication to using his talents to benefit society and make amends for his illegal conduct.”
As it is, the court decided on a 33 month prison term.
There’s a clear message here for others considering dipping their toes into the world of cybercrime: don’t.