Researchers have discovered DCRat, a Remote Access Trojan (RAT) that was initially developed in 2018 and has gone through significant changes since, being sold on a Russian cybercriminal forum. This sale of DCRat is notable for how cheap it is, going for only 500 RUB ($5) for a two-month license, 2,200 RUB ($21) for a year, and 4,200 RUB ($40) for a lifetime subscription.
DCRat supports many of the same functionalities as other RATs, including command execution, information stealing, keylogging, and more. The utility also includes a plugin library that subscribers to the system can download and use or create themselves to extend the functionality of the malware. Persistence of infected systems is achieved through either the use of the Registry Run key or a scheduled task. One interesting thing about DCRat is its killswitch. The C2 application for DCRat checks a specific public GitHub repository controlled by the author for a value in a file. If that file value is modified by the author, it will render all administrative panels of DCRat unusable, rendering the malware ineffective.
While DCRat contains similar functionality to other RATs, its cheap price and modularity will likely make it a favorite among threat actors.