Remote Access Trojan

DarkComet

First seen: 2008 • Status: inactive

DarkComet was a popular spy program whose creator stopped making it after bad governments used it to spy on protesters, but copies still spread online.

Overview

DarkComet is a remote access trojan (RAT) that was publicly available until its developer discontinued it in 2012, after it was used by the Syrian government. Despite this, existing versions continue to be used by various threat actors.

Also Known As

Fynloski, Dark Comet

How It Spreads

  • Spear phishing
  • Social engineering
  • Software bundling

What It Does

  • Remote access
  • Keylogging
  • Webcam spying
  • File management
  • Password theft

Target Platforms

Windows

Detection Tips

  • Monitor for DarkComet network signatures
  • Check for characteristic registry keys
  • Analyze startup folders
  • Review process activity for injection

MITRE ATT&CK Techniques

T1021, T1056, T1125, T1083, T1555

If You're Infected

  1. Remove DarkComet and all components
  2. Reset all credentials
  3. Block known C2 servers
  4. Educate users on social engineering

Related Malware

njRAT, Gh0st RAT, NanoCore
