Cross Platform Trojan builder distributed on underground forums

2013-02-14T01:49:00
ID THN:BC84B1B12280F62D5530394736ADB551
Type thn
Reporter Mohit Kumar
Modified 2013-02-14T13:42:51

Description

A cross-platform back door, the 'Frutas' remote access tool (RAT), has been available for download on many forums since January 2013. This Trojan builder is written entirely in Java.

According to a recent analysis by Symantec experts, the Frutas RAT allows attackers to create a connect-back client JAR file to run on a compromised computer. The back door builder provides some minor obfuscation, which allows the attacker to use a custom encryption key for some of the embedded back door functionality.

Once a back door connection is established, the RAT server alerts the attacker and allows them to perform various back door functions on the compromised computer: browsing file systems, downloading and executing arbitrary files, performing denial-of-service attacks, and opening a specified website in a browser.

According to Symantec, only 2 of the 46 vendors on VirusTotal detect it as a threat.