National Crime Agency brings down prolific Trojan marketplace

Imminent Methods sold IM-RAT malware for as little as $25

Trojan

A website that sold hacking tools responsible for infecting thousands of machines has been seized following an internationally coordinated effort from law enforcement agencies.

Imminent Methods was a 'clearnet' site that provided hackers with tools such as the Imminent Monitor Remote Access Trojan (IM-RAT) for as little as $25 (£19), according to the National Crime Agency (NCA).

Advertisement - Article continues below

Search warrants were drafted across nine different countries, resulting in the search and seizure of articles related to the running of the website. Out of the 85 total warrants, 21 were executed in cities and regions across the UK, including London, Manchester, Leeds, Somerset, Essex and Merseyside.

Nine arrests were made in the UK, 14 globally, and more than 400 items were seized in total.

"The IM-RAT was used by individuals and organised crime groups in the UK to commit a range of offences beyond just the Computer Misuse Act, including fraud, theft and voyeurism," said Phil Larratt, NCA's National Cyber Crime Unit.

"Cyber criminals who bought this tool for as little as US$25 were able to commit serious criminality, remotely invading the privacy of unsuspecting victims and stealing sensitive data".

RATs are a type of malware that are often downloaded invisibly and usually include a backdoor that can be later exploited by the author to gain unauthorised access to a machine. Once installed, RATs can spread between machines, gradually forming a botnet to increase the amount of data the malware's distributor has access to.

Notable victims of IM-RAT include Russia-based IT service providers and an assortment of West African banks.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The total number of victims is unknown, however, it's believed at least tens of thousands of machines may have been exposed to the malware. Evidence suggests that personal details, passwords, private photographs, video footage and other sensitive data have been harvested as a result.

Law enforcement agencies were originally tipped off by the FBI which was working alongside cyber security outfit Unit 42 from Palo Alto Networks in 2017.

It's important to note that simply owning a license for the malware isn't illegal, and there are uses for it beyond criminal activity. Only when it's used it to break into computers and violate computer safety laws does it become a criminal offence.

"The offences enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which can have far-reaching privacy and safety consequences for those affected. These are real crimes with real victims," said Chris Goldsmid, acting commander cybercrime operations at the AFP.

Related Resource

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

"We now live in a world where, for just US$25, a cybercriminal halfway across the world can, with just a click of the mouse, access your personal details or photographs of loved ones or even spy on you," said Steven Wilson, head of the European Cybercrime Centre.

Advertisement - Article continues below

Unusually, Imminent Methods operated in the 'clearnet', which means it could be freely accessed by anyone using normal search engines. It's more common for cyber criminals to head to the dark web to buy and sell malware such as RATs where the seizure of the site is less likely to take place.

Interpol has long maintained that the hacking tools available to buy on the dark web are fuelling cyber crime, being one of the primary contributors to the rise of 'as a service' models.

More recently, the trend of ransomware as a service (RaaS) has been the tool of choice for cyber criminals due to the inexpensive price and high chance of profit.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

What is a Trojan?
Security

What is a Trojan?

15 Jun 2020
Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Best antivirus for Windows 10
antivirus

Best antivirus for Windows 10

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020