Canadian police last week raided the residence of a Toronto software developer responsible for authoring and selling “Orcus RAT,” a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a Remote Access Trojan.
Canadian police raid "Orcus RAT" author, as part of joint investigations by RCMP, FBI and Australian police into those behind Remote Access Trojans. Author maintains it's merely a Remote Administration Tool; experts say it behaves more like malware https://t.co/dMgkW9euq9 pic.twitter.com/1qaWXfUfCo
— briankrebs (@briankrebs) April 2, 2019
Expert Comments Below:
Ilia Kolochenko, CEO at High-Tech Bridge:
“It is pretty difficult to draw a straight line and delineate legitimate RA software from malware. They frequently share many identical functionalities, with similar implementation, often for perfectly legitimate purposes. Unless the RAT in question cannot be used [by its design] for anything but malicious activities, it will be quite complicated to charge its author with a crime. However, a walkthrough with customers may shed some light on past cybercrimes committed by unscrupulous buyers who purposefully acquired the tool to break the law. A thorough investigation is required to determine both factual issues and intents prior to making any conclusions, however.”