Amnesty International, Digitale Gesellschaft, the Electronic Frontier Foundation and Privacy International have partnered to create and release a free and open source tool for detecting traces of known surveillance spyware on Windows computers.
The tool – dubbed Detekt – is written in Python and relies on YARA, Volatility and WinPmem to scan the memory of a running Windows system. It is currently able to spot pre-defined patterns that point towards the following malware running on the computer: DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT, and Gh0st RAT.
At the moment it can be used on all Windows versions from Windows XP to Windows 8 (32- and 64-bit) and on Windows 8.1 (32-bit only).
As noted above, Detekt can identify only the spyware families it has patterns for, not all spyware. So even if it doesn’t find anything, this doesn’t mean that there is no spyware on the machine.
Also, the tool only detects the malware – it can’t remove it. If it finds something, it will generate a log file with additional details that will allow technical experts to investigate the matter. In any case, that computer – and the files, emails, and other things on it – should be considered compromised.
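As an added illustration (not Detekt's own code, and using constructed placeholder patterns rather than real spyware indicators), the following Python sketches the approach described above: scanning a memory image in chunks for pre-defined byte patterns and rendering the findings as a log for later expert review. The chunk overlap covers the case where a pattern straddles a read boundary; the signature names, chunk sizes and sample image are all assumptions made for this demonstration.

```python
"""Constructed demo of pattern-based memory scanning with a findings log."""
import io
import re
from datetime import datetime, timezone

# Constructed placeholder signatures, NOT real spyware indicators: name -> bytes or compiled regex.
SIGNATURES = {
    "demo_rat_marker": b"DEMO\x00RAT\x00MARKER",
    "demo_c2_beacon": re.compile(rb"beacon-[0-9a-f]{8}\.example\.invalid"),
}
CHUNK = 4096   # bytes read per pass; a real image is gigabytes, so never load it whole
OVERLAP = 64   # must be at least the longest possible match, or a pattern straddling two chunks is missed


def scan_memory(stream, signatures=SIGNATURES, chunk=CHUNK, overlap=OVERLAP):
    """Scan a binary stream chunk by chunk; return sorted (offset, name, bytes) hits."""
    hits, carry, base = set(), b"", 0
    compiled = {n: s if isinstance(s, re.Pattern) else re.compile(re.escape(s))
                for n, s in signatures.items()}
    while data := stream.read(chunk):
        window = carry + data                 # re-scan the tail of the previous chunk
        window_base = base - len(carry)       # absolute offset of window[0]
        for name, pat in compiled.items():
            for m in pat.finditer(window):
                hits.add((window_base + m.start(), name, m.group(0)))  # set dedupes re-hits in the overlap
        carry, base = window[-overlap:], base + len(data)
    return sorted(hits)


def scan_bytes(image, **kwargs):
    """Convenience wrapper for an in-memory image (tests and small samples)."""
    return scan_memory(io.BytesIO(image), **kwargs)


def format_log(hits):
    """Render findings as a log for expert follow-up; the scanner reports, it never removes."""
    lines = [f"# scan {datetime.now(timezone.utc).isoformat()} hits={len(hits)}"]
    lines += [f"{off:#010x} {name} {blob.hex()}" for off, name, blob in hits]
    return "\n".join(lines) + "\n"


def build_sample_image():
    """Constructed stand-in for a memory image: zero filler plus one marker per signature,
    the second placed so that it straddles the 8 KiB chunk boundary."""
    buf = bytearray(CHUNK * 3)
    buf[100:115] = b"DEMO\x00RAT\x00MARKER"
    beacon = b"beacon-0123abcd.example.invalid"
    buf[CHUNK * 2 - 5:CHUNK * 2 - 5 + len(beacon)] = beacon
    return bytes(buf)


if __name__ == "__main__":
    found = scan_bytes(build_sample_image())
    with open("scan_demo.log", "w") as fh:
        fh.write(format_log(found))
    print(f"{len(found)} hit(s) logged to scan_demo.log")
```

Running it with an overlap shorter than the straddling pattern drops that hit, which is the failure mode the overlap guards against.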
“Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists’ private emails and remotely turn on their computer’s camera or microphone to secretly record their activities. They use the technology in a cowardly attempt to prevent abuses from being exposed,” said Marek Marczynski, Head of Military, Security and Police at Amnesty International.
“Detekt is a simple tool that will alert activists to such intrusions so they can take action. It represents a strike back against governments who are using information obtained through surveillance to arbitrarily detain, illegally arrest and even torture human rights defenders and journalists.”
Detekt was developed by security researcher Claudio Guarnieri with the help of people from the aforementioned organizations and others.
The tool is available in several languages. You can download it and find out more about it here.