{
  "family": "darkkomet",
  "sample_count": 801,
  "category": "rat",
  "description": "DarkKomet, also known as DarkComet, is a well-known remote access trojan originally developed as legitimate remote-administration software but widely repurposed for malicious surveillance and credential theft. Notable for its use in surveillance campaigns against journalists and activists in the early 2010s, DarkComet provides keylogging, webcam capture, file transfer, and remote shell. Its development was officially discontinued in 2012, but the publicly-available builders remain in widespread use.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [
    "darkcomet",
    "fynloski"
  ],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Darkkomet?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "DarkKomet, also known as DarkComet, is a well-known remote access trojan originally developed as legitimate remote-administration software but widely repurposed for malicious surveillance and credential theft. Notable for its use in surveillance campaigns against journalists and activists in the early 2010s, DarkComet provides keylogging, webcam capture, file transfer, and remote shell. Its development was officially discontinued in 2012, but the publicly-available builders remain in widespread use."
      }
    },
    {
      "@type": "Question",
      "name": "How does Darkkomet spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "DarkKomet (DarkComet) is distributed through cracked-software bundles, malicious email attachments, and underground RAT marketplaces despite its original developer ceasing distribution in 2012."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Darkkomet infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Webcam or keystroke logging indicators, hidden processes, persistence via Run registry keys, and antivirus alerts for DarkComet or Fynloski are common signs."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Darkkomet on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1056.001",
    "T1547.001",
    "T1125"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}