A Tunisian hacker known as OussamiO has been working for nine years to distribute his Remote Access Trojan (RAT) via advertisements not only on the Dark Web but also on popular networks such as Facebook, YouTube and Google's Blogspot.
Trend Micro security experts claim that OussamiO created the Lost Door RAT in 2007 and has not shied away from advertising his software on the public Internet, unlike many of his fellow malware developers, who like to keep their operations away from prying eyes.
RAT coder isn't afraid to market his product on the Surface Web
The main point of operation for OussamiO's business is his Blogspot blog, where he regularly posts new versions of Lost Door, upcoming updates, user tips and tutorial videos, which he brazenly hosts on YouTube.
Besides the Dark Web ads on underground hacking forums in Brazil, China and Russia, the scammer is also very active on Facebook, where he maintains his own page.
To purchase his malware, users must contact him by email, Yahoo, or Gmail. The price of the RAT is not publicly available, but similar tools typically sell for between $10 and $50 depending on their capabilities.
Lost Door uses port forwarding trick to hide its activity
As for the RAT itself, Trend Micro says security solutions can struggle to detect its activity due to how it works.
Lost Door comes with a builder, which means anyone who buys it has a plethora of options for creating malware that looks and operates uniquely. Detecting the RAT is also made more difficult by the way it masks traffic.
"Lost Door exploits the port forwarding feature of routers, a tactic also used by DarkComet. By abusing this feature, a remote attacker can gain access to the server side of a private network, whether at home or in the office," explained the Trend Micro team. "It also means that any malicious traffic or communication can be passed off as normal/internal, thus helping attackers to mask their C&C address, since the server side does not connect to it directly."
Once Lost Door is deployed, an attacker would be able to access files, download and upload content from the computer, install and run any kind of software, access webcam feeds, record keystrokes and virtually take control of the entire operating system. OussamiO says he has tested his RAT on all major versions of Windows, from XP to Windows 10.
More curious still, neither Facebook nor Google has removed the public pages of this scammer after all these years.
Lost Door RAT Builder