Also known as: Fynloski, Breut, klovbot
Variants: DarkComet v5, DarkComet v3
Damage potential: Data theft (e.g., passwords), remote device access and control, additional malware installation, surveillance, keylogging, privacy breaches, and financial loss.
DarkComet RAT is a remote access trojan that targets Windows-based devices. This trojan can remotely access systems and devices without authorization, steal sensitive information, and manipulate the victim’s device. It runs silently in the background, making it difficult to detect.
DarkComet RAT tries to avoid detection, but an infection may have several symptoms (like slower-than-usual system performance). If you’re noticing slower response times or system freezes, running a system scan is a good idea.
Other possible symptoms of a DarkComet RAT infection include:
Unauthorized access (e.g., the mouse cursor moving on its own).
Higher-than-usual network traffic.
Unfamiliar processes running in the Task Manager.
Unexplained changes to system settings (e.g., desktop background).
Unusually high CPU or network usage.
Suspicious pop-ups, warnings, or notifications.
Unexpectedly disabled security software.
Sources of infection
DarkComet RAT can spread in many ways, often through phishing emails and malicious attachments.
Phishing emails. Users may unknowingly download DarkComet RAT by clicking a malicious link or opening an unsafe attachment.
Drive-by downloads. Users may automatically download DarkComet RAT when they visit a compromised website.
USB drives. DarkComet can spread via infected USB drives, external hard drives, or other removable media.
Software vulnerabilities. Some versions of DarkComet RAT may exploit security vulnerabilities to infect a device.
Malicious downloads. DarkComet RAT may be disguised as legitimate software or be bundled with pirated software downloads.
DarkComet RAT may infect your device in many ways. Take the necessary steps to protect yourself and your devices from this remote access trojan.
Regularly update your software. DarkComet RAT is known to target security vulnerabilities. Keep your software updated to protect your devices from the latest cyber threats.
Use reliable antivirus software. Protect your devices with trustworthy antivirus and anti-malware tools.
Download apps from trusted sources. Be careful with downloads — only use official websites and trusted app stores.
Use a firewall. Firewalls monitor and control incoming and outgoing network traffic. Enabling a firewall may help block malicious connections.
Enable multi-factor authentication (MFA). Multi-factor authentication can help protect your accounts even if someone has stolen your credentials.
Be wary of emails. DarkComet RAT may spread via phishing and spam emails. If you get an email that sounds off or urges you to do something, act with caution.
Browse with caution. Hackers may create fake websites that look legitimate to spread DarkComet RAT and other trojans. Pay close attention to the websites you visit, and don’t overshare information.
Use NordVPN’s Threat Protection. For a generally safer online experience, use Threat Protection — NordVPN’s advanced feature that blocks malicious sites, intrusive trackers, and annoying ads. Plus, it checks the files you download for malware.
DarkComet RAT is designed to avoid detection, so removing this trojan may be challenging. As with most trojans, the first step is disconnecting from the internet to prevent further communication with the attacker. Then, use reputable antivirus software to run a full security scan and follow the steps to remove the trojan. The process may often be complicated, so if you’re unsure what to do next, get help from an experienced IT professional.