Description
The Remote Desktop or Screen Capture feature in malware gives the attacker the ability to silently view and control the victim's desktop in real time. This capability is akin to virtually looking over the victim's shoulder, offering an unfiltered window into the user's activities and data. For the attacker, this offers a multi-faceted advantage: it allows for easy data harvesting, offers clues for further exploitation, and can facilitate lateral movement across a network. Whether the end goal is data theft, corporate espionage, or an advanced persistent threat operation, the ability to capture or control a desktop remotely equips attackers with a potent tool for deepening their intrusion into a compromised system.
| Categories | Assistance, Spy / Surveillance |
| Dangerousness | High |
Existing Technique
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Desktop Screenshot / Streaming | Remote Desktop / Screen Capture | 0 |
Associated with Releases
| Version | Origins | Authors | Languages | Release Date |
|---|---|---|---|---|
| Lost Door 4.3.1 | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Apr, 2010 |
| DarkComet RAT 2.0 RC7 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2010 |
| Schwarze Sonne 1.0 | Unknown 🏴☠️, Germany 🇩🇪, Turkey 🇹🇷 | ap0calypse, Slayer616, Counterstrikewi | Delphi | Jun, 2010 |
| Lost Door 5.1 | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Oct, 2010 |
| Coolvibes 1 Update 8 | Spain 🇪🇸 | Thor | Delphi | May, 2011 |
| Xtreme RAT 2.9 | Brazil 🇧🇷 | Raphael | Delphi | Jul, 2011 |
| DarkComet RAT 5.3 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| DarkComet RAT 5.3.1 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| Bozok 1.4 | Germany 🇩🇪, Turkey 🇹🇷 | Slayer616 | Delphi | Aug, 2013 |
| NjRat 0.7d | Kuwait 🇰🇼 | njq8 | VB .net | Dec, 2013 |
| Quasar 1.0 | Unknown 🏴☠️ | MaxXor | C# | Aug, 2015 |
| Lost Door 9.2 Aws | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Jan, 2022 |