AlienSpy RAT subscription malware has gnawed away at over 400,000 victims

Being sold online as 'malware-as-a-service'

The AlienSpy RAT (Remote Access Tool) has been making some major waves it would seem, at least according to the findings of a pair of researchers from security company Kaspersky.

As ZDNet reports, over at Kaspersky's Security Analyst Summit in Tenerife, Vitaly Kamluk and Aleks Gostev announced that AlienSpy has been responsible for at least 400,000 attacks on corporate and private targets across various industries including the finance world, engineering, education and government.

Most of the organisations hit have been small to medium-sized businesses, though.

AlienSpy – which is known by a number of other names including Adwind, JSocket and Sockrat – was highlighted by Kaspersky when it was used in a spear phishing attack on a bank in Singapore.

RAT for hire

It's written in Java so it's cross-platform, and it's for sale as a 'malware-as-a-service' platform with an online subscription model – including rudimentary technical support – making it usable by amateur cybercriminals.

The malware is particularly dangerous because of how easy it is to get going with it, along with the fact that it can compromise Windows, OS X and Linux systems.

It's capable of being used for remote desktop control and siphoning off data such as keystrokes, cached passwords and data from web forms, and can be used to snap screenshots of the desktop or pictures/video from webcams, and much more.

The online subscription site apparently had around 1600 registered users as of December last year, giving the operators an annual income of around $200,000 (about £140,000, AU$285,000), Kaspersky estimates.