Case of the evil roommate

About the caller having the cursor moving and clicking on its own. Leo suspects an “Evil Roommate” is remotely messing.
I would like to know what the computer history would show. Might lead to the culprit!

I had a prank USB dongle that would emulate a mouse/keyboard; it would randomly send keystrokes and/or mouse movement. I used to hang it off noobie workstations back when offices were a thing. If the roommate is a prankster it could be one of those.


I sometimes see this type of problem because of a serial device being detected as a Microsoft serial mouse by Windows. This can happen with USB devices that use RS-232 bridge chipsets (still fairly common), or a regular RS-232 serial device, if they start sending data at power up.

For that situation the troubleshooting is easy: simply disconnect all USB and RS-232 connected devices, except mice and keyboards, and reboot. If it comes up OK then you can re-connect devices one at a time and reboot to figure out which device is triggering the automatic mouse detection. There is a registry hack to stop the problem, although the hack gets overwritten on some Windows updates (it seems to happen at least once a year to me).

I think the key here is that the activity stopped when the owner stepped in front of the camera. In any case, wouldn’t a really good RAT have some mechanism to conceal the activity of the remote user?

Yeah I’m always very reluctant to ascribe to a hacker what can easily be explained by human/computer error, but this case was pretty convincing:

  1. The mouse movements did not seem random, windows were being opened, programs were being run.
  2. All activity stopped when the caller was in view of the laptop’s camera.
  3. He had left the computer logged in and running on the kitchen table when his roommates were home.

I think it was most likely a set-up call (you’d be surprised how many of these we get) but if he was being honest, I’d have to conclude that all signs point to a RAT.


Yeah, there have definitely been calls where it felt like the person on the other end was “playing to the crowd.” I guess this is how talk radio shows are vulnerable to social engineering.

I don’t see any harm in the call…