Sale of POC tool for hidden VNC/RDP (HVNC/HRDP)

Sale of POC tool for hidden VNC/RDP (HVNC/HRDP)

For informational purposes only

Type of tool: implementation of hidden remote control sessions (Hidden VNC + Hidden RDP) on the attacked user's machine Affected OS: Windows Price: $80K (per one hand)

The seller offers a POC version of the tool that implements hidden VNC and RDP sessions on the attacked user's host. According to the author, the current implementation works entirely in userland, does not require elevated privileges or drivers, supports WebGL (that is, the hidden desktop is able to render modern GPU-accelerated content, including banking web applications with 3D visualization) and is not detected by AV/EDR with proper refinement. At the moment, this is a POC - the author promises to develop it into a full-fledged product and raise the price.

HVNC and HRDP are well-established techniques in the arsenal of financial Trojans. They were first mentioned in detail in reports of the mid-2010s. And since then, they have regularly appeared in TrickBot, IcedID, BazarLoader, campaigns of FIN7 and other groups. The essence is to open a hidden desktop on the attacked user's machine, on which the attacker performs actions on behalf of the user: logging into the online bank, initiating a transfer, adding a recipient (while the attacked user sees the regular desktop).

The novelty of the tool, according to the description, lies in the engineering details of the implementation (the rejection of drivers and elevated context), not in the fundamental approach.