什么是Creepware
Contents
什么是 Creepware
Creepware(也称为远程访问木马或RAT)是恶意软件,它在受害者的设备上不知情地安装,并允许攻击者访问和控制被黑客入侵的设备(计算机,平板电脑,笔记本电脑,智能手机或其他设备(例如IoT-物联网)远程访问。
RAT的缩写是Remote Access/Administration Trojan(具有远程访问/管理功能的木马)和Remote Access/Administration工具(用于远程访问/管理的工具)的缩写。远程访问工具和远程访问木马之间的区别在于,后者是秘密安装的,并用于非法和/或恶意目的,而远程访问工具则用于授权操作和合法目的,例如技术支持,以连接到您的家或旅行中的工作场所计算机等
Creepware的工作方式
Creepware使用一种称为客户端服务器的工作模型,但它扭曲了该模型如何工作的通常想法,即当用户连接到提供某种服务的服务器时。对于CREEPWARE,受害者的设备成为服务器,而攻击者的设备充当客户端。提供给攻击者的“服务”是受害者设备上的信息或未经授权的操作。
What are the features of creepware?
Creepware provides the attacker with access to the following elements on a compromised device:
- files;
- processes and services;
- clipboard;
- network connections;
- registry;
- connected peripherals (printers, webcams, audio recording devices, etc.).
In addition, creepware allows the attacker to remotely monitor the compromised device, namely:
- keep a log of keystrokes pressed;
- take screenshots of the screen;
- record video from the connected webcam;
- record audio from the connected microphone;
- steal passwords;
- download and upload files from/to the device;
- open web pages;
- display messages on the screen;
- play audio messages;
- reboot or turn off the compromised device.
The main goals of using creepware
Information theft
Creepware allows the attacker to steal information both contained in the files and entered by users from the keyboard or recorded by connected devices.
Using device resources
A compromised device can be used for DDoS attacks, spamming, cryptocurrency mining, etc.
Voyeurism
The webcam on the victim's device can be used for secret recording.
Blackmail
Information stolen from the device can be used to blackmail the victim.