German Police Raid OmniRAT Developer, Seize Digital Assets


German police raided the home of the OmniRAT developer yesterday and confiscated his laptop, computer and mobile phones, likely as part of an investigation into a recent cyberattack, a source told The Hacker News.

OmniRAT made headlines in November 2015 when its developer released it as a legitimate remote management tool for IT experts and businesses to manage their devices with explicit permissions.

Priced between $25 and $100, OmniRAT quickly became one of the most popular remote administration tools, allowing users to monitor Android, Windows, Linux, and Mac devices remotely and access all available information about them.

However, just like any other remote administration tool such as DroidJack, DarkComet, AndroRAT, and njRAT, some OmniRAT customers also used the tool for illicit purposes, especially since it was available at a much cheaper price than other RATs on the market.

In one such event earlier this year, a group of hackers attempted to target various industries by exploiting an old remote code execution vulnerability (CVE-2016-7262) in Microsoft Excel that eventually installed OmniRAT on targeted computers.

According to a security researcher who reported this incident in January, the attackers used a malformed Excel spreadsheet disguised as a business profile for “Kuwait Petroleum Corporation (KPC)” to lure their victims into opening the attachment.

Although the Kuwait Petroleum Company was not targeted by the malware, another anonymous source told The Hacker News that almost two months ago, lawyers representing the oil company began sending emails to the registrar of OmniRAT's official domain, demanding that it reveal the identity of the domain owner and citing ICANN and GDPR rules related to whois.

The content on the official OmniRAT website has been unavailable for the last few days; it was probably removed by the developer to prevent his domain registrar from revealing his identity to the company.

The developer of OmniRAT reportedly resides in Germany, but his identity is still unknown to the public.

At this time, it is unclear whether the German police raid is related to efforts by the Kuwait Oil Company or involves some separate criminal case against him.

It is also possible that the German police are after the list and identity of all customers who bought OmniRAT in the last four years to crack down on cybercriminals abusing the tool.

In a similar operation in 2015, law enforcement agencies in several countries raided homes and arrested suspected users of DroidJack smartphone malware.

Although the creation of malware or a hacking tool is illegal in Germany, as it is in many other countries, it also depends on how the tool is advertised.

Like penetration testing tools, remote administration tools are a two-edged sword and can be used for both legal and illegal purposes.

In one case, it was reported that two years ago a group of hackers was using OmniRAT to spy on Islamic State (ISIS) members and sympathizers by distributing its Android version through the popular messaging app Telegram.

Although the developer of OmniRAT did not appear to have directly encouraged his customers to use the tool to spy on someone, late last year he posted a description and new features of his tool on an infamous hacking forum, a website that is popular among newbies for finding hacking tools in the market.


On the same hacking forum, in April this year, he announced the closure of OmniRAT, saying that “unfortunately, due to pressure from the government and the cybercrime division, OmniRAT has to be shut down. This will take immediate effect.”

However, since the operation of the tool does not directly depend on or share the data collected from the device with the OmniRAT server, users who already have access to the remote administration tool can still continue to use it for whatever purpose they wish.

The Hacker News is keeping an eye on all possible developments in this story and will update our readers as soon as we know more about it.
