National Crime Agency brings down prolific Trojan marketplace

Imminent Methods sold IM-RAT malware for as little as $25

Trojan

A website that sold hacking tools responsible for infecting thousands of machines has been seized following an internationally coordinated effort from law enforcement agencies.

Imminent Methods was a 'clearnet' site that provided hackers with tools such as the Imminent Monitor Remote Access Trojan (IM-RAT) for as little as $25 (£19), according to the National Crime Agency (NCA).

Search warrants were drafted across nine different countries, resulting in the search and seizure of articles related to the running of the website. Out of the 85 total warrants, 21 were executed in cities and regions across the UK, including London, Manchester, Leeds, Somerset, Essex and Merseyside.

Nine arrests were made in the UK, 14 globally, and more than 400 items were seized in total.

"The IM-RAT was used by individuals and organised crime groups in the UK to commit a range of offences beyond just the Computer Misuse Act, including fraud, theft and voyeurism," said Phil Larratt, NCA's National Cyber Crime Unit.

"Cyber criminals who bought this tool for as little as US$25 were able to commit serious criminality, remotely invading the privacy of unsuspecting victims and stealing sensitive data".

RATs are a type of malware that are often downloaded invisibly and usually include a backdoor that can be later exploited by the author to gain unauthorised access to a machine. Once installed, RATs can spread between machines, gradually forming a botnet to increase the amount of data the malware's distributor has access to.

Notable victims of IM-RAT include Russia-based IT service providers and an assortment of West African banks.

The total number of victims is unknown, however, it's believed at least tens of thousands of machines may have been exposed to the malware. Evidence suggests that personal details, passwords, private photographs, video footage and other sensitive data have been harvested as a result.

Law enforcement agencies were originally tipped off by the FBI which was working alongside cyber security outfit Unit 42 from Palo Alto Networks in 2017.

It's important to note that simply owning a license for the malware isn't illegal, and there are uses for it beyond criminal activity. Only when it's used it to break into computers and violate computer safety laws does it become a criminal offence.

"The offences enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which can have far-reaching privacy and safety consequences for those affected. These are real crimes with real victims," said Chris Goldsmid, acting commander cybercrime operations at the AFP.

Related Resource

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

"We now live in a world where, for just US$25, a cybercriminal halfway across the world can, with just a click of the mouse, access your personal details or photographs of loved ones or even spy on you," said Steven Wilson, head of the European Cybercrime Centre.

Unusually, Imminent Methods operated in the 'clearnet', which means it could be freely accessed by anyone using normal search engines. It's more common for cyber criminals to head to the dark web to buy and sell malware such as RATs where the seizure of the site is less likely to take place.

Interpol has long maintained that the hacking tools available to buy on the dark web are fuelling cyber crime, being one of the primary contributors to the rise of 'as a service' models.

More recently, the trend of ransomware as a service (RaaS) has been the tool of choice for cyber criminals due to the inexpensive price and high chance of profit.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Six ways boards can step up support for cyber security
Business strategy

Six ways boards can step up support for cyber security

22 Jul 2021