This report is a comprehensive description of the JSocket Remote Access Tool (RAT), and its significant capability to control PCs, Linux machines, Macs and Android devices. The PC version has the ability to achieve complete remote control over the victim machine, including monitoring webcams and microphones. The Android version of the malware has the ability to use the GPS embedded in the phone to track the user and use the camera and microphone to spy on the user. The combination of these capabilities makes JSocket a unique and serious threat to the electronic and physical security of victims. The tool has been used in global phishing attacks and its use has been implicated in a number of notable attacks.
The malware was even found on the phone of Argentinian prosecutor Alberto Nisman, who was murdered in a high-profile case earlier this year. The goal of this paper is to provide some updates to our previous FTA on AlienSpy, the predecessor of JSocket, and to discuss its Android capabilities in detail.
Related on Threat Geek: