An Arabic-speaking malware coder using the name Napoleon has released a new RAT (Remote Access Trojan/Tool) called Revenge, which he's distributing for free via underground hacking forums.

The coder published the first version of the Revenge RAT on June 28, when he provided a download link via Dev Point, a hacking forum visited by Arabic-speaking users.

At the time of its release, only one of the 54 scanners on VirusTotal detected the new RAT. This has changed in the meantime, and over 40 scanners detect the first version as malicious.

First Revenge RAT version was a simple tool

Revenge v0.1 was a simple tool, according to a researcher known as Rui, who says the malware's author didn't bother obfuscating the RAT's source code. This raised a question mark with the researchers, who couldn't explain why VirusTotal scanners couldn't pick it up as a threat right away.

Revenge, which was written in Visual Basic, also didn't feature too many working features, compared to similar RATs. Even Napolean admitted that his tool was still in the early development stages, a reason why he provided the RAT for free.

Another reason for releasing the RAT might be that he's trying to build a reputation for himself and the RAT, in anticipation of the moment when he'll release Revenge under a commercial plan.

Second Revenge version has a lot more features

Two months later, on August 21, Napoleon launched Revenge RAT v0.2 on another hacking forum, more famous among crooks. The RAT was still available for download for free and included more powerful features.

The number of features Napoleon added to Revenge and his willingness to offer it for free spurred the forum's community to ask if somehow the RAT was backdoored or infected. Their subsequent investigation revealed it was not.

Revenge RAT v0.2 GUI

The latest Revenge RAT comes at a size of 20 kb and features the ability to open a remote shell, initiate remote desktop sessions, interact with the victim's file manager, manage local OS processes, list active windows, manage OS services, and the ability to edit the victim's Windows Registry.

Other features include a victim IP tracker, a keylogger, a clipboard manager, the ability to list installed programs, a hosts file editor, an OS startup management feature, a password dumper, and the ability to access the user's webcam.

It usually takes about a year for malware coders to put out a fully functional feature-packed RAT. Revenge is only in its incipient stages, and future versions may be up to par with other tools such as Adwind, Remcos, Ozone, or Orcus.

Future versions will also likely feature code obfuscation and anti-analysis protection to make it harder for security products to flag Revenge as malware. If the author has enough time to develop Revenge, the RAT will catch up to its competition.

Below is a video of the Revenge RAT (v0.1) in action, uploaded by Napoleon on YouTube.