At one point, the AntiHacker malware even had its own Facebook group - now offlineh-online: Syrian activists, journalists and opposition group members are reportedly under attack by malware claiming to be a security tool that will help protect them against hackers. The fake “AntiHacker” tool is being spread through targeted phishing emails and via sites such as Facebook, and claims to provide “Auto-Protect & Auto-Detect & Security & Quick scan and analyzing” functionality.

However, according to the Electronic Frontier Foundation (EFF), the fraudulent tool actually installs a program called DarkComet RAT (remote access tool). The US digital rights advocacy organization says that the new malware is being spread and controlled by pro-government hackers. With DarkComet, these hackers can remotely access users’ systems to steal private data, record keystrokes, disable certain antivirus programs’ notification systems and even obtain images from a computer’s built-in webcam.

Users who believe their systems are infected with the remote access program can download the DarkComet RAT removal tool by developer Jean-Pierre Lesueur, who originally wrote DarkComet. Lesueur stopped development and sales of DarkComet after he learned that it was being used by Syrian government forces against political opponents.