Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Android OS X Security Windows

First Remote-Access Trojan That Can Target Android, Linux, Mac and Windows 63

An anonymous reader writes: Hackers have put on sale OmniRAT, a remote access trojan that can target Androids, Linux, Mac, and Windows PCs. The tool costs $25-$50, which is only a fraction of $200-$300,the price of DroidJack, another Android RAT. Avast is currently reporting that the RAT was used this summer in Germany, spread to victims via SMS messages. The Softpedia article about OmniRAT includes a video, but declined to post the tool's homepage. You can easily find it via a Google search.
This discussion has been archived. No new comments can be posted.

First Remote-Access Trojan That Can Target Android, Linux, Mac and Windows

Comments Filter:
  • Oh, I see ... (Score:5, Insightful)

    by gstoddart ( 321705 ) on Thursday November 05, 2015 @02:16PM (#50871963) Homepage

    The author of the post received an SMS stating an MMS from someone was sent to him (in the example, a German phone number is listed and the SMS was written in German). The SMS goes on to say âoeThis MMS cannot be directly sent to you, due to the Android vulnerability StageFright. Access the MMS within 3 days [Bitly link] with your telephone number and enter the PIN code [code]âoe. Once the link is opened, a site loads where you are asked to enter the code from the SMS along with your phone number.

    So, basically if you click on random links in text messages you can get this malware.

    Well then, this is a decades old problem and is as much a human issue as it is a technology one.

    This is precisely why I will never click on ANY link behind an URL shortener; because you have no bloody idea what it is.

    • Re:Oh, I see ... (Score:5, Insightful)

      by JustAnotherOldGuy ( 4145623 ) on Thursday November 05, 2015 @02:23PM (#50872029)

      This is precisely why I will never click on ANY link behind an URL shortener; because you have no bloody idea what it is.

      Same here...I think URL shorteners are like tap-dancing across a field full of landmines...you might avoid most of them but it only takes one to completely ruin your day.

      The only place they're useful at all is on something like twitter where space is limited, but that doesn't change the fact that clicking on one is like rolling the dice. Of course, that's true for almost any URL these days- you never know what site has been compromised and is trying to infect you.

      It's one of the main reasons I use NoScript and AdBlock; those two plugins have probably saved my ass more times than I can count.

      • by cfalcon ( 779563 )

        I use tinyurl, because anyone who is familiar with it will do preview.tinyurl and then be able to see the link. If the place seems paranoid, I'll use the preview directly, letting you see the link and you click on it if you want.

        The vast majority of url shorteners, beyond the few name brand ones, exist to ruin you somehow. But the good ones are still good.

      • he only place they're useful at all is on something like twitter where space is limited

        ...and that is (one of) the reason(s) why Twitter is pretty sorry. It could have easily been designed so that links were stored separate from the message, which would be a lot safer for its users. Lame design.

        • It could have easily been designed so that links were stored separate from the message, which would be a lot safer for its users.

          That shit costs money. Why should Twitter care? This is a client problem.

          • by fyngyrz ( 762201 )

            Twitter should care because its customers will spend more time tweeting and enjoying the service, which is what Twitter monetizes. Pretty straight up. Same reason your car doors lock and your front end crumples instead of landing directly in your lap when you have an accident (also a "client problem.") Safety is a significant consumer motivator. Smart design sees to it that best practices are followed.

            When you learn that car X has a crumple zone and locks, but car Y is an accordion waiting to happen and has

            • Twitter has no need for a crumple zone until it becomes a marketing necessity. Without any competition, Twitter has little to worry about customer safety.

              • by fyngyrz ( 762201 )

                I disagree. I disagree by virtue of spending very little time posting on Twitter and almost no time at all reading other Tweets. Instead, I share my between places where images can be posted in line and without censorship, comments can be longer than 140 characters, and actual intelligent conversations and interactions can be had. Twitter offers me almost nothing; and in the process, what they do offer, the offer badly. It's not compelling. Consequently they don't have me as any kind of enthusiastic custome

                • We are kinda talking about two different things. You and I are invisible to Twitter. They don't need to care. Business is good. They have all the cost/benefit ratios figured out. If it all goes south, they just move their money somewhere else into another market. Try to see it from the few of the stock market or a hedge fund manager looking for a place to launder his money. The simple idea is maximal return with minimal effort. Leave the details to somebody else.

                  • by fyngyrz ( 762201 )

                    All true, but still not the same as "they have no competition" and "they don't need to care." If they care, they preserve and protect their business model, because it is a better business model. A better business model is also a stronger argument for the hedge fund manager or stockbroker.

                    What we're looking at here is simple incompetence with its basis in the trope "good enough, ship it."

    • by SQLGuru ( 980662 )

      One would think that all of the shorteners would make it a lot easier to see the full URL for this very reason.

      • How? By running scripts when you hover?

        Sorry, but if I don't trust the URL shortener, I don't trust it to tell me what the URL is.

        I've pretty much marked the entire .ly domain as untrusted.

    • by fred911 ( 83970 )

      The user still has to navigate to a website then install the app granting android permission to execute. The statement "spread to victims via SMS messages." is fear mongering.
      Here's a pretty interesting video.

      http://www.youtube.com/watch?v... [youtube.com]

    • There are a couple of extensions that will preview the real URL behind a shortened link. For instance, Firefox has Interclue, Safari has Ultimate Status Bar, couldn't find one for Chrome or Opera but there's probably something.

      Of course that doesn't help with SMS or mobile browsers that don't support extensions, but it makes desktop browsing a little more secure.

  • "... can target Androids, Linux, Mac, and Windows PCs."

    Well, isn't that nice. Finally a true cross-platform service that doesn't discriminate.

    I'm generally a very peaceful, easy-going guy, but I would be all in favor of hunter-killer teams finding the people that write this shit and lopping their heads off.

    • No no, you are doing it all wrong!
      You chop their hands of! And then you leave with the words: happy wanking!

    • by guruevi ( 827432 )

      Why? It's a trojan, not a virus. It doesn't auto-install on all of the platforms, it requires user intervention to install. It's like saying that VNC (also available for all the above platforms) developers should be hunted down. This is basically a VNC package that hides itself, nothing too bad.

      • by KGIII ( 973947 )

        My sentiments exactly. Just grab the VNC SDK and hide it behind a wrapper that makes a simple game and *tada.wav* you're doing the same thing.

  • In which part of the linked articles do they talk about Macs ??
    Didn't find it.

    • In which part of the linked articles do they talk about Macs ?? Didn't find it.

      Or about Windows or Linux, for that matter. I suspect they mean that the server that controls the infected phone can run on Windows, OS X, or Linux, not that the infecting client runs on Windows, OS X, or Linux. [slashdot.org]

      • It appears that both the server and client are multi-platform, possibly as Java packages.

        https://www.linkedin.com/pulse... [linkedin.com]

        • It appears that both the server and client are multi-platform, possibly as Java packages.

          https://www.linkedin.com/pulse... [linkedin.com]

          As that page says, "The Client was coded in Java to support as many OS as possible. It requires the Java Version 7 and is extremely persistent.", although it "supports less features" on OS X, Linux, and other "Unix machines".

          Presumably it runs as root if it "You can view, create, delete, rename, download, copy and move all files & folders on your clients machine.", unless the ability to do that to all files and folders is one of those features not supported on UN*Xes. (Can you turn off rootless mode o

          • Macs don't even ship with either Flash or Java these days and Java 7 is too recent compared to the last version that was included. I think it's a non-issue for the majority of Mac users.

            Fight for your bitcoins! [coinbrawl.com]

            • I think it's a non-issue for the majority of users, period. The news seems to be that if you can trick your target into installing something then you can control that device from any other device.

          • "Can you turn off rootless mode on OS X 10.11 with this tool?)"
            What is "rootless mode" supposed to be?

            • "Can you turn off rootless mode on OS X 10.11 with this tool?)" What is "rootless mode" supposed to be?

              Another name used for the mode where System Integrity Protection [apple.com] is enabled.

              • The link has nothing to do with what the parent implied or did not imply ... did he mean "user root" or root less as in X-Windows integration into the Mac OS X GUI?
                Both actually has nothing to do with the topic ... so my bet is the parent only was shuffling words ;

                • The link has nothing to do with what the parent implied or did not imply ... did he mean "user root" or root less as in X-Windows integration into the Mac OS X GUI? Both actually has nothing to do with the topic ... so my bet is the parent only was shuffling words ;

                  If by "the parent" you mean the comment where I asked "Can you turn off rootless mode on OS X 10.11 with this tool?" [slashdot.org], then I can assure you with 100% certainty that he meant "the System Integrity Protection feature of OS X El Capitan, often referred to as "rootless mode" [google.com], as he is me. The "root" in there refers to the user root; "rootless" mode disables even the root account from making some changes.

                  The question was asked because the only way a trojan will be able to modify the files protected by System I

                  • First: the name "rootless" is misleading, since there's still a root account, and you can still access it (the official name, "System Integrity Protection", is more accurate). What it really does is limit the power of the root account, so that even if you become root, you don't have full control over the system.
                    Would have been surprising if there was no "root account".
                    I missed that you specifically asked for OS X 10.11. As I'm only running older Systems, I believe my newest is 10.9 ... the rest are 10.6 ...

                    • by MrKaos ( 858439 )
                      Apologies for the OT. The fanbois are howling with their ad hom orgy in the other thread and the mod trolls are out in force.

                      It will be interesting to see how this thread [slashdot.org] will be moderated as a gauge of the relative hypocracy going on. I thought you might be interested in the actual governance surrounding plants.

    • by Anonymous Coward

      In which part of the linked articles do they talk about Macs ??
      Didn't find it.

      In the second paragraph of the first linked article.

    • This knowledge - and more - can be yours by visiting omnirat.eu (while supplies last).

    • by AHuxley ( 892839 )
      There’s more than one RAT (November 5th, 2015)
      https://blog.avast.com/2015/11... [avast.com]
      " OmniRat can also give you remote control of any Windows, Linux or Mac device."
  • BSD and Solaris for the WIN!
  • by Guy Harris ( 3803 ) <guy@alum.mit.edu> on Thursday November 05, 2015 @02:49PM (#50872215)
    Perhaps "OmniRAT Lets Hackers Control Android Phones, Windows, Mac, and Linux PCs" really means "OmniRAT Lets Hackers Control Android Phones *from* Windows, Mac, and Linux PCs". A screen grab in the Avast blog post [avast.com] speaks of a "Multi-OS Server - Android Client", which may mean that the server that controls the remote phone can run on Windows, OS X, and Linux.
  • by Behrooz Amoozad ( 2831361 ) on Thursday November 05, 2015 @06:05PM (#50873513)
    Let me compare to TeamViewer(tm)
    Both have a website.
    Both accept paypal. OmniRAT accepts bitcoin too.
    Both applications are visible in android settings, nothing is hidden.
    TeamViewer license needs renewal, They Offer LifeTime license
    You can't delete OmniRAT the same way you can't delete the sasmsung RAT or the google location thingy.
    TeamViewer supports iOS and windows phone, they don't
    TeamViewer has 24/7 phone support. OmniRAT only have an skype.
    \ OmniRAT prices are $25 and $50, TeamViewer starts at 30 Euro/month and 145 Euro/month for corporate customers. (+$50 for each connection more than 3)
    TeamViewer has non-commercial version available for free.(It disconnects if it detects you're using it too much)
    OmniRAT offer upgrades at a lower price just like TeamViewer
    Both are made in germany.
    Nothing wrong with it. I'll buy it.

Quark! Quark! Beware the quantum duck!

Working...