DarkComet Trojan discontinued after abuse by Syrian Government

Author recoils after Syrian regime uses tool to hack activists

The creator of the widely-abused DarkComet remote access tool (RAT) has discontinued the software after realising it was being used by the Syrian Government to spy on activists.

Although no doubt genuine, the announcement by Jean-Pierre Lesueur is a strange one. While some white hats have used DarkComet for legitimate pen testing, black hats have also widely abused it to hack remote systems, thanks to its strong reputation in the criminal underworld.

After learning of its use by the Syrian Government to attack opponents of the regime, however, Lesueur, also known as 'DarkCoderSc', has had enough.

The DarkComet RAT could carry out the full gamut of Trojan mischief, from opening a back door to recording keystrokes and webcam images.

"Why did I take such a decision? Like it was said above because of the missuse of the tool, and unlike so many of you seem to believe I can be held responsible of your actions, and if there is something I will not tolerate is to have to pay the consequences for your mistakes and I will not cover for you," he wrote.

In May, the Syrian Government was reported to be using several Trojans, including DarkComet, to target anti-government activists through bogus Skype phone calls.

This took the use of the Trojan from the realm of criminality into that of death and murder, which seems to have been too much for Lesueur. Indeed, the Syrian Government has become a case study in how allegedly totalitarian regimes can counter the power of Internet opposition using black hat tools and malware.

The coder's decision is unlikely to slow the Syrian regime's use of such tools; there are plenty to choose from.

"Unlike what a handfull (sic) of people think i never cautioned small/huge hacker groups who used my software wrongly, my goals always where to provide acces to tools more powerfull than any paying/private existing tool in terms of security and all for free!," said Lesueur.

"It was no surprise to hear of the Syrian regime using this Rat to spy on their population. It follows in the grand tradition of using Rats in targeted, politically motivated attacks such as LuckyCat, Gh0stnet and Shadownet," security expert Rik Ferguson of Trend Micro told the BBC.

"It's not often you can welcome the demise of anything, however, let's hope DarkComet is only the first Rat to take the poison."
