什么是Creepware

什么是 Creepware

Creepware（也称为远程访问木马或RAT）是恶意软件，它在受害者的设备上不知情地安装，并允许攻击者访问和控制被黑客入侵的设备（计算机，平板电脑，笔记本电脑，智能手机或其他设备（例如IoT-物联网）远程访问。

RAT的缩写是Remote Access/Administration Trojan（具有远程访问/管理功能的木马）和Remote Access/Administration工具（用于远程访问/管理的工具）的缩写。远程访问工具和远程访问木马之间的区别在于，后者是秘密安装的，并用于非法和/或恶意目的，而远程访问工具则用于授权操作和合法目的，例如技术支持，以连接到您的家或旅行中的工作场所计算机等

How creepware works

Creepware uses a model of work called client-server, but it distorts the usual idea of how this model works, i.e. when a user connects to a server that provides some kind of service. In the case of creepware, the victim's device becomes a server, and the attacker's device works as a client. The "service" provided to the attacker are information or unauthorized actions on the victim's device.

What are the features of creepware?

Creepware provides the attacker with access to the following elements on a compromised device:

• files;
• processes and services;
• clipboard;
• network connections;
• registry;
• connected peripherals (printers, webcams, audio recording devices, etc.).

In addition, creepware allows the attacker to remotely monitor the compromised device, namely:

• keep a log of keystrokes pressed;
• take screenshots of the screen;
• record video from the connected webcam;
• record audio from the connected microphone;
• steal passwords;
• download and upload files from/to the device;
• open web pages;
• display messages on the screen;
• play audio messages;
• reboot or turn off the compromised device.

The main goals of using creepware

Information theft

Creepware allows the attacker to steal information both contained in the files and entered by users from the keyboard or recorded by connected devices.

Using device resources

A compromised device can be used for DDoS attacks, spamming, cryptocurrency mining, etc.

Voyeurism

The webcam on the victim's device can be used for secret recording.

Blackmail

Information stolen from the device can be used to blackmail the victim.