Since last week, Canadian police have been highly active. They raided a house in Toronto belonging to a software developer identified as the person behind “Orcus RAT”, a tool that has been promoted through a secretive online store and used in numerous cyber-attacks, including countless malware campaigns. The software was created in 2015.
Its author maintains that Orcus is a genuine Remote Administration Tool that is merely being abused, but cybersecurity professionals consider it dangerous: it contains multiple features more typically observed in malware known as a Remote Access Trojan.
Interestingly, a comprehensive report published in July 2016 was titled “Canadian Man Behind Popular Orcus RAT”. Orcus is the brainchild of John “Armada” Rezvesz, a resident of Toronto, who maintained and sold the RAT under the company name Orcus Technologies.
An official press release posted on Pastebin caught people’s attention on March 31, 2019. In it, Rezvesz stated that his company had recently been the subject of an international search warrant executed jointly by the Royal Canadian Mounted Police (RCMP) and the Canadian Radio-television and Telecommunications Commission (CRTC).
“Later in these procedures, the authorities seized several backup hard drives [containing] a large portion of Orcus Technologies business enterprises and practices,” Rezvesz stated. “Data included on such drives comprises but is not restricted to: user personal info including user names, real names, financial transactions, and more. The detailed investigations including arrests and searches extend to an international investigation at this point, with other countries such as America, Germany, Australia, Canada and possibly more.”
The RCMP stated that the raid was part of a globally coordinated effort with the Federal Bureau of Investigation and the Australian Federal Police, as part of “a series of ongoing, parallel inquiries into Remote Access Trojan (RAT) technology.
“This kind of malicious software (malware) allows remote access to Canadian computers without their users’ permission and can lead to the subsequent installation of other unwanted malware and the theft of private information.
“The CRTC issued a warrant under Canada’s Anti-Spam Legislation (CASL) and the RCMP National Division separately executed a search warrant under the Criminal Code,” reads a statement published last week by the Canadian government.
Tips from international private cybersecurity firms triggered the investigation
Rezvesz maintains that the software he created was designed for legitimate use only, for system administrators seeking more powerful, full-featured ways to remotely control multiple PCs around the globe. He has also stated that he is not accountable for how licensed clients use his products, and that he aggressively revokes software licenses for clients found to be using it for online fraud.
This was the big issue, and international media also covered it as breaking news. Yet the list of features and plugins marketed for this RAT includes capabilities that go well beyond what one would observe in a traditional remote administration tool, for example DDoS-for-hire capabilities, and the ability to deactivate the light indicator on webcams so as not to alert the target that the RAT is active.
As reported in 2016, in conjunction with his RAT Rezvesz also sold and promoted a bulletproof “dynamic DNS service” that promised not to keep any records of customer activity.
Rezvesz seems to have a talent for the dramatic and has occasionally emailed this author over the years. Often the missives were taunting, or vaguely ominous and frightening. Like the time he was finally ready to say he was hiring a private investigator to discover and track me.
Just to add to readers’ knowledge: the sale and marketing of remote administration tools are not illegal in the United States, and indeed there are plenty of similar tools sold by legitimate organizations to help computer professionals remotely administer computer systems.