Slashdot Mirror


First Remote-Access Trojan That Can Target Android, Linux, Mac and Windows

An anonymous reader writes: Hackers have put on sale OmniRAT, a remote access trojan that can target Androids, Linux, Mac, and Windows PCs. The tool costs $25-$50, which is only a fraction of $200-$300, the price of DroidJack, another Android RAT. Avast is currently reporting that the RAT was used this summer in Germany, spread to victims via SMS messages. The Softpedia article about OmniRAT includes a video, but declined to post the tool's homepage. You can easily find it via a Google search.


  1. Oh, I see ... by gstoddart · · Score: 4, Insightful

    The author of the post received an SMS stating an MMS from someone was sent to him (in the example, a German phone number is listed and the SMS was written in German). The SMS goes on to say “This MMS cannot be directly sent to you, due to the Android vulnerability StageFright. Access the MMS within 3 days [Bitly link] with your telephone number and enter the PIN code [code]”. Once the link is opened, a site loads where you are asked to enter the code from the SMS along with your phone number.

    So, basically if you click on random links in text messages you can get this malware.

    Well then, this is a decades old problem and is as much a human issue as it is a technology one.

    This is precisely why I will never click on ANY link behind an URL shortener; because you have no bloody idea what it is.

    --
    Lost at C:>. Found at C.
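
The lure quoted in the comment above combines a shortened link, a PIN to enter, a deadline and a security pretext. As an added example (not part of the original thread or of any vendor's tooling), here is a small SMS triage check for that combination; the shortener host list, the English-only patterns, the thresholds and the sample messages are all assumptions constructed for illustration.

```python
import re

# Assumed shortener hosts; extend for your environment.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com", "goo.gl", "t.co", "is.gd"}
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/[^\s\])]*)?", re.I)

# Traits of the lure described above (English patterns only; the original SMS was German).
SIGNALS = {
    "asks_for_code": re.compile(r"\b(pin|code)\b", re.I),
    "deadline": re.compile(r"\bwithin\s+\d+\s+(hours?|days?)\b", re.I),
    "security_pretext": re.compile(r"\b(vulnerability|stagefright)\b", re.I),
    "undelivered_media": re.compile(r"\b(mms|voicemail|parcel)\b", re.I),
}

def shortened_links(text):
    """Return (host, path) for each link that points at a known shortener."""
    hits = []
    for host, path in URL_RE.findall(text):
        host = host.lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS and path not in ("", "/"):
            hits.append((host, path))
    return hits

def triage_sms(text):
    """Return (verdict, reasons); verdict is 'block', 'review' or 'allow'."""
    reasons = [name for name, rx in SIGNALS.items() if rx.search(text)]
    links = shortened_links(text)
    if links:
        reasons.append("shortened_link")
    if links and len(reasons) >= 3:
        verdict = "block"      # opaque link plus at least two lure traits
    elif links or len(reasons) >= 2:
        verdict = "review"     # destination unknown, or lure wording without a link
    else:
        verdict = "allow"
    return verdict, sorted(reasons)

# Constructed sample messages (placeholder link IDs and numbers).
LURE = ("This MMS cannot be directly sent to you, due to the Android vulnerability "
        "StageFright. Access the MMS within 3 days https://bit.ly/EXAMPLE with your "
        "telephone number and enter the PIN code 4821.")
OTP = "Your verification code is 550123. It expires within 10 minutes."
SHARE = "Photos from the weekend: https://tinyurl.com/EXAMPLE2"

if __name__ == "__main__":
    for msg in (LURE, OTP, SHARE):
        print(triage_sms(msg))
```
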
    1. Re:Oh, I see ... by JustAnotherOldGuy · · Score: 4, Insightful

      This is precisely why I will never click on ANY link behind an URL shortener; because you have no bloody idea what it is.

      Same here...I think URL shorteners are like tap-dancing across a field full of landmines...you might avoid most of them but it only takes one to completely ruin your day.

      The only place they're useful at all is on something like Twitter where space is limited, but that doesn't change the fact that clicking on one is like rolling the dice. Of course, that's true for almost any URL these days- you never know what site has been compromised and is trying to infect you.

      It's one of the main reasons I use NoScript and AdBlock; those two plugins have probably saved my ass more times than I can count.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:Oh, I see ... by cfalcon · · Score: 2

      I use tinyurl, because anyone who is familiar with it will do preview.tinyurl and then be able to see the link. If the place seems paranoid, I'll use the preview directly, letting you see the link and you click on it if you want.

      The vast majority of url shorteners, beyond the few name brand ones, exist to ruin you somehow. But the good ones are still good.

    3. Re:Oh, I see ... by fred911 · · Score: 2

      The user still has to navigate to a website then install the app granting Android permission to execute. The statement "spread to victims via SMS messages." is fear mongering.
      Here's a pretty interesting video.

      http://www.youtube.com/watch?v...

      --
      09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  2. BSD and Solaris by aquabats · · Score: 2

    BSD and Solaris for the WIN!

  3. Misleading title - *controller* runs on PCs? by Guy+Harris · · Score: 5, Informative

    Perhaps "OmniRAT Lets Hackers Control Android Phones, Windows, Mac, and Linux PCs" really means "OmniRAT Lets Hackers Control Android Phones *from* Windows, Mac, and Linux PCs". A screen grab in the Avast blog post speaks of a "Multi-OS Server - Android Client", which may mean that the server that controls the remote phone can run on Windows, OS X, and Linux.

    1. Re:Misleading title - *controller* runs on PCs? by amicusNYCL · · Score: 2

      The video here shows remote control of a Windows machine from an Android device:

      https://www.linkedin.com/pulse...

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  4. Re:Mac ? by Guy+Harris · · Score: 2

    It appears that both the server and client are multi-platform, possibly as Java packages.

    https://www.linkedin.com/pulse...

    As that page says, "The Client was coded in Java to support as many OS as possible. It requires the Java Version 7 and is extremely persistent.", although it "supports less features" on OS X, Linux, and other "Unix machines".

    Presumably it runs as root if it "You can view, create, delete, rename, download, copy and move all files & folders on your clients machine.", unless the ability to do that to all files and folders is one of those features not supported on UN*Xes. (Can you turn off rootless mode on OS X 10.11 with this tool?)

  5. Re:Mac ? by U2xhc2hkb3QgU3Vja3M · · Score: 2

    Macs don't even ship with either Flash or Java these days and Java 7 is too recent compared to the last version that was included. I think it's a non-issue for the majority of Mac users.

    Fight for your bitcoins!

  6. Let me compare to TeamViewer(tm) by behrooz0az · · Score: 2

    Let me compare to TeamViewer(tm)
    Both have a website.
    Both accept PayPal. OmniRAT accepts bitcoin too.
    Both applications are visible in Android settings, nothing is hidden.
    TeamViewer license needs renewal, They Offer LifeTime license
    You can't delete OmniRAT the same way you can't delete the Samsung RAT or the Google location thingy.
    TeamViewer supports iOS and Windows Phone, they don't
    TeamViewer has 24/7 phone support. OmniRAT only has a Skype.
    OmniRAT prices are $25 and $50, TeamViewer starts at 30 Euro/month and 145 Euro/month for corporate customers. (+$50 for each connection more than 3)
    TeamViewer has non-commercial version available for free. (It disconnects if it detects you're using it too much)
    OmniRAT offers upgrades at a lower price just like TeamViewer
    Both are made in Germany.
    Nothing wrong with it. I'll buy it.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)