什么是Creepware
Contents
什麼是 Creepware
Creepware(也稱為遠程訪問木馬或RAT)是惡意軟體,它在受害者的設備上不知情地安裝,並允許攻擊者訪問和控制被黑客入侵的設備(計算機,平板電腦,筆記本電腦,智慧型手機或其他設備(例如IoT-物聯網)遠程訪問。
RAT的縮寫是Remote Access/Administration Trojan(具有遠程訪問/管理功能的木馬)和Remote Access/Administration工具(用於遠程訪問/管理的工具)的縮寫。遠程訪問工具和遠程訪問木馬之間的區別在於,後者是秘密安裝的,並用於非法和/或惡意目的,而遠程訪問工具則用於授權操作和合法目的,例如技術支持,以連接到您的家或旅行中的工作場所計算機等
How creepware works
Creepware uses a model of work called client-server, but it distorts the usual idea of how this model works, i.e. when a user connects to a server that provides some kind of service. In the case of creepware, the victim's device becomes a server, and the attacker's device works as a client. The "service" provided to the attacker are information or unauthorized actions on the victim's device.
What are the features of creepware?
Creepware provides the attacker with access to the following elements on a compromised device:
- files;
- processes and services;
- clipboard;
- network connections;
- registry;
- connected peripherals (printers, webcams, audio recording devices, etc.).
In addition, creepware allows the attacker to remotely monitor the compromised device, namely:
- keep a log of keystrokes pressed;
- take screenshots of the screen;
- record video from the connected webcam;
- record audio from the connected microphone;
- steal passwords;
- download and upload files from/to the device;
- open web pages;
- display messages on the screen;
- play audio messages;
- reboot or turn off the compromised device.
The main goals of using creepware
Information theft
Creepware allows the attacker to steal information both contained in the files and entered by users from the keyboard or recorded by connected devices.
Using device resources
A compromised device can be used for DDoS attacks, spamming, cryptocurrency mining, etc.
Voyeurism
The webcam on the victim's device can be used for secret recording.
Blackmail
Information stolen from the device can be used to blackmail the victim.