These illegal uses are what made DarkComet's author put a break on the tool's further development, but sadly that won't stop its misuse.
"The real value of the RAT to the attacker is the core remote control functionality that breaches the confidentiality and integrity of the victim and the victim network by allowing the attacker full access to the target system," points out Arbor Networks researcher Curt Wilson.
"The monitoring of all keystrokes (including passwords, sensitive data entered onto secure sites), control of file upload/download, the ability to steal any file, access network shares, spy via webcam or microphone, download and install additional malware, and other features make these RATs a formidable threat when wielded by a focused attacker."
He and his colleagues have taken it upon themselves to follow and analyze the recent campaigns using the DarkComet RAT and to try and discover who might be behind them.
They started by looking at the passwords, server IDs and Command & Control infrastructure being used by the RAT itself.
"While it is of course possible for any attacker to set any password, C&C or server ID or name for any reason such as for misdirection purposes, it is also possible that these elements may reflect the intent of the campaign and give a hint towards the actors behind the scenes," shared Wilson.
And so they discovered that some campaigns targeted visitors of government websites, other online gamers, and others still political dissidents.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.