Last week, it was announced that one of the creators of BlackShades NET Remote Access Trojan was arrested along with 23 others in an international assault against cybercrime. As you recall from previous blogs posted on Unpacked, we have given you, the reader, an in-depth look into what kind of dangers are presented by the capabilities of this malware. We have also discussed a very serious situation concerning the use of this tool in political conflicts in Syria and consequently the dawning of the age of malware being used in warfare.
As reported by the Electronic Frontier Foundation (EFF) earlier this week, a new Trojan is being spread to Syrian activists in an attempt to employ electronic surveillance on the group and its members. This Trojan is none other than the BlackShades RAT I blogged about last week as Part 2 of a series on different RATs found in the wild. As it turns out the first blog post on DarkComet has also been used against the activists in the past.
Syria is currently undergoing a very serious and bloody internal war between the government and the opposition forces or activists who want to see the tyranny and injustice shown by the country’s top leaders come to an end. I cannot speak about it in detail but can only refer you to this video by CNN which explains everything very well up to now:
Beyond attempting to squash opposition on the ground with the use of tanks and guns, attempts have been made to do the same thing in the cyber arena, by pitting people against each other and destroying communication, at the same time collecting vital information on the communications of the activists. In order to accomplish this, three types of Remote Access Trojans/Tools have been used against the activists with various methods of infection.