Many people who work in the software development field tend to express some sort of interesting in the malware field. Of course, creating a piece of malware means that you will be working with new features, frameworks and program structures so that it is safe to say that there is something to learn from such a project. Unfortunately, some of these users decide to publish their project online once it is done and, even worse, they often release the full source code for others to use. This is a dream come true for cybercriminals who can take advantage of a new hacking Tool free of charge, and even modify its source code to change certain features or extend its functionality.
The Lilith Rat is a fine example of a hacking tool that was created as a fun project but might end up being used for unsafe purposes due to its source code being available for free. Of course, the author has added a disclaimer that this tool is meant to be used for education and should not be used on computers without the knowing approval of their owners.
The first important thing to mention about the structure of the Lilith RAT is that it is fully modular and is operated via a command line – this makes it light-weight and flexible incredibly. The core features of the Lilith RAT are far from impressive when compared to similar threats, but it is important to note that its modular structure would enable experienced hackers to use PowerShell scripts to introduce other utilities to the infected device – keyloggers, password recovery tools or other malware.
The base version of the Lilith RAT has a basic keylogging module, an auto-installer, and the ability to achieve persistence by tampering with the Windows Registry.
The Lilith RAT appears to be abandoned by its author for now since it has not been updated in nearly two years. However, the source code remains available for free, and the tool has been referenced on several hacking forums – a sure sign that cybercriminals are aware of it and may decide to use it any time.