First Remote-Access Trojan That Can Target Android, Linux, Mac and Windows
An anonymous reader writes: Hackers have put on sale OmniRAT, a remote access trojan that can target Androids, Linux, Mac, and Windows PCs. The tool costs $25-$50, which is only a fraction of $200-$300, the price of DroidJack, another Android RAT. Avast is currently reporting that the RAT was used this summer in Germany, spread to victims via SMS messages. The Softpedia article about OmniRAT includes a video, but declined to post the tool's homepage. You can easily find it via a Google search.
Oh, I see ... (Score:5, Insightful)
So, basically if you click on random links in text messages you can get this malware.
Well then, this is a decades old problem and is as much a human issue as it is a technology one.
This is precisely why I will never click on ANY link behind an URL shortener; because you have no bloody idea what it is.
Re:Oh, I see ... (Score:5, Insightful)
This is precisely why I will never click on ANY link behind an URL shortener; because you have no bloody idea what it is.
Same here...I think URL shorteners are like tap-dancing across a field full of landmines...you might avoid most of them but it only takes one to completely ruin your day.
The only place they're useful at all is on something like Twitter where space is limited, but that doesn't change the fact that clicking on one is like rolling the dice. Of course, that's true for almost any URL these days - you never know what site has been compromised and is trying to infect you.
It's one of the main reasons I use NoScript and AdBlock; those two plugins have probably saved my ass more times than I can count.
Re: (Score:3)
I use tinyurl, because anyone who is familiar with it will do preview.tinyurl and then be able to see the link. If the place seems paranoid, I'll use the preview directly, letting you see the link and you click on it if you want.
The vast majority of url shorteners, beyond the few name brand ones, exist to ruin you somehow. But the good ones are still good.
Re: (Score:1)
It could have easily been designed so that links were stored separate from the message, which would be a lot safer for its users.
That shit costs money. Why should Twitter care? This is a client problem.
Re: (Score:2)
Twitter should care because its customers will spend more time tweeting and enjoying the service, which is what Twitter monetizes. Pretty straight up. Same reason your car doors lock and your front end crumples instead of landing directly in your lap when you have an accident (also a "client problem.") Safety is a significant consumer motivator. Smart design sees to it that best practices are followed.
When you learn that car X has a crumple zone and locks, but car Y is an accordion waiting to happen and has
Re: (Score:1)
Twitter has no need for a crumple zone until it becomes a marketing necessity. Without any competition, Twitter has little to worry about customer safety.
Re: (Score:2)
I disagree. I disagree by virtue of spending very little time posting on Twitter and almost no time at all reading other Tweets. Instead, I share my between places where images can be posted in line and without censorship, comments can be longer than 140 characters, and actual intelligent conversations and interactions can be had. Twitter offers me almost nothing; and in the process, what they do offer, they offer badly. It's not compelling. Consequently they don't have me as any kind of enthusiastic custome
Re: (Score:1)
We are kinda talking about two different things. You and I are invisible to Twitter. They don't need to care. Business is good. They have all the cost/benefit ratios figured out. If it all goes south, they just move their money somewhere else into another market. Try to see it from the view of the stock market or a hedge fund manager looking for a place to launder his money. The simple idea is maximal return with minimal effort. Leave the details to somebody else.
Re: (Score:2)
All true, but still not the same as "they have no competition" and "they don't need to care." If they care, they preserve and protect their business model, because it is a better business model. A better business model is also a stronger argument for the hedge fund manager or stockbroker.
What we're looking at here is simple incompetence with its basis in the trope "good enough, ship it."
Windows is Android? (Score:2)
>Nope, it exploits only one thing: Android's ...
Windows is Android now? When did that happen? Let me quote the friggin HEADLINE for you:
Trojan That Can Target Android, Linux, Mac and Windows
All it exploits (on Windows, Mac, and Linux) is something you don't like about Android? I didn't know Windows, Mac, and Linux are all Android distributions now.
Re: (Score:2)
Even better: it appears that both the client and server are multi-platform. They claim you can control your victims from an Android device as well. They say that it works on all Unix variants, but that those offer fewer features (unspecified). It seems like they are pointing toward a Java package as the multi-platform malware.
Someone posted an "article" to LinkedIn with several of the claimed features:
https://www.linkedin.com/pulse... [linkedin.com]
Re: (Score:2)
You're half right. What it exploits are brain dead users.
Re: (Score:2)
One would think that all of the shorteners would make it a lot easier to see the full URL for this very reason.
Re: (Score:2)
How? By running scripts when you hover?
Sorry, but if I don't trust the URL shortener, I don't trust it to tell me what the URL is.
I've pretty much marked the entire .ly domain as untrusted.
Re: (Score:3)
The user still has to navigate to a website then install the app granting android permission to execute. The statement "spread to victims via SMS messages." is fear mongering.
Here's a pretty interesting video.
http://www.youtube.com/watch?v... [youtube.com]
Re: (Score:2)
There are a couple of extensions that will preview the real URL behind a shortened link. For instance, Firefox has Interclue, Safari has Ultimate Status Bar, couldn't find one for Chrome or Opera but there's probably something.
Of course that doesn't help with SMS or mobile browsers that don't support extensions, but it makes desktop browsing a little more secure.
Damn (Score:2)
"... can target Androids, Linux, Mac, and Windows PCs."
Well, isn't that nice. Finally a true cross-platform service that doesn't discriminate.
I'm generally a very peaceful, easy-going guy, but I would be all in favor of hunter-killer teams finding the people that write this shit and lopping their heads off.
Re: (Score:2)
No no, you are doing it all wrong!
You chop their hands off! And then you leave with the words: happy wanking!
Re: (Score:2)
Why? It's a trojan, not a virus. It doesn't auto-install on all of the platforms, it requires user intervention to install. It's like saying that VNC (also available for all the above platforms) developers should be hunted down. This is basically a VNC package that hides itself, nothing too bad.
Re: (Score:2)
My sentiments exactly. Just grab the VNC SDK and hide it behind a wrapper that makes a simple game and *tada.wav* you're doing the same thing.
Mac ? (Score:2)
In which part of the linked articles do they talk about Macs ??
Didn't find it.
Re: (Score:2)
In which part of the linked articles do they talk about Macs ?? Didn't find it.
Or about Windows or Linux, for that matter. I suspect they mean that the server that controls the infected phone can run on Windows, OS X, or Linux, not that the infecting client runs on Windows, OS X, or Linux. [slashdot.org]
Re: (Score:2)
It appears that both the server and client are multi-platform, possibly as Java packages.
https://www.linkedin.com/pulse... [linkedin.com]
Re: (Score:3)
It appears that both the server and client are multi-platform, possibly as Java packages.
https://www.linkedin.com/pulse... [linkedin.com]
As that page says, "The Client was coded in Java to support as many OS as possible. It requires the Java Version 7 and is extremely persistent.", although it "supports less features" on OS X, Linux, and other "Unix machines".
Presumably it runs as root if it "You can view, create, delete, rename, download, copy and move all files & folders on your clients machine.", unless the ability to do that to all files and folders is one of those features not supported on UN*Xes. (Can you turn off rootless mode o
Re: (Score:3)
Macs don't even ship with either Flash or Java these days and Java 7 is too recent compared to the last version that was included. I think it's a non-issue for the majority of Mac users.
Re: (Score:2)
I think it's a non-issue for the majority of users, period. The news seems to be that if you can trick your target into installing something then you can control that device from any other device.
Re: (Score:2)
"Can you turn off rootless mode on OS X 10.11 with this tool?)"
What is "rootless mode" supposed to be?
Re: (Score:2)
"Can you turn off rootless mode on OS X 10.11 with this tool?)" What is "rootless mode" supposed to be?
Another name used for the mode where System Integrity Protection [apple.com] is enabled.
Re: (Score:2)
The link has nothing to do with what the parent implied or did not imply ... did he mean "user root" or root less as in X-Windows integration into the Mac OS X GUI?
Both actually has nothing to do with the topic ... so my bet is the parent only was shuffling words ;
Re: (Score:2)
The link has nothing to do with what the parent implied or did not imply ... did he mean "user root" or root less as in X-Windows integration into the Mac OS X GUI?
Both actually has nothing to do with the topic ... so my bet is the parent only was shuffling words ;
If by "the parent" you mean the comment where I asked "Can you turn off rootless mode on OS X 10.11 with this tool?" [slashdot.org], then I can assure you with 100% certainty that he meant "the System Integrity Protection feature of OS X El Capitan, often referred to as "rootless mode" [google.com], as he is me. The "root" in there refers to the user root; "rootless" mode disables even the root account from making some changes.
The question was asked because the only way a trojan will be able to modify the files protected by System I
Re: (Score:2)
First: the name "rootless" is misleading, since there's still a root account, and you can still access it (the official name, "System Integrity Protection", is more accurate). What it really does is limit the power of the root account, so that even if you become root, you don't have full control over the system. ... the rest are 10.6 ...
Would have been surprising if there was no "root account".
I missed that you specifically asked for OS X 10.11. As I'm only running older Systems, I believe my newest is 10.9
Re: (Score:2)
It will be interesting to see how this thread [slashdot.org] will be moderated as a gauge of the relative hypocrisy going on. I thought you might be interested in the actual governance surrounding plants.
Re: (Score:1)
In which part of the linked articles do they talk about Macs ??
Didn't find it.
In the second paragraph of the first linked article.
Re: (Score:2)
This knowledge - and more - can be yours by visiting omnirat.eu (while supplies last).
Re: (Score:2)
https://blog.avast.com/2015/11... [avast.com]
"OmniRat can also give you remote control of any Windows, Linux or Mac device."
BSD and Solaris (Score:2)
Re: (Score:1)
BeOS!
Misleading title - *controller* runs on PCs? (Score:5, Informative)
Re: (Score:3)
The video here shows remote control of a Windows machine from an Android device:
https://www.linkedin.com/pulse... [linkedin.com]
Video says "control Windows from Windows" (Score:2)
The video says you can control Windows From Windows, Windows from Android, etc.
Re: (Score:2)
Just STOP it! we can't get more views with rational thought! Stop posting this shit! MOAR VIEWS!!!!!!!!!!!!!!!!!!
Let me compare to TeamViewer(tm) (Score:3)
Both have a website.
Both accept PayPal. OmniRAT accepts bitcoin too.
Both applications are visible in Android settings, nothing is hidden.
TeamViewer license needs renewal, They Offer LifeTime license
You can't delete OmniRAT the same way you can't delete the Samsung RAT or the Google location thingy.
TeamViewer supports iOS and Windows Phone, they don't
TeamViewer has 24/7 phone support. OmniRAT only has a Skype.
OmniRAT prices are $25 and $50, TeamViewer starts at 30 Euro/month and 145 Euro/month for corporate customers. (+$50 for each connection more than 3)
TeamViewer has non-commercial version available for free. (It disconnects if it detects you're using it too much)
OmniRAT offers upgrades at a lower price just like TeamViewer
Both are made in Germany.
Nothing wrong with it. I'll buy it.