National Crime Agency brings down prolific Trojan marketplace

Imminent Methods sold IM-RAT malware for as little as $25

Trojan

A website that sold hacking tools responsible for infecting thousands of machines has been seized following an internationally coordinated effort from law enforcement agencies.

Imminent Methods was a 'clearnet' site that provided hackers with tools such as the Imminent Monitor Remote Access Trojan (IM-RAT) for as little as $25 (£19), according to the National Crime Agency (NCA).

Search warrants were drafted across nine different countries, resulting in the search and seizure of articles related to the running of the website. Out of the 85 total warrants, 21 were executed in cities and regions across the UK, including London, Manchester, Leeds, Somerset, Essex and Merseyside.

Nine arrests were made in the UK, 14 globally, and more than 400 items were seized in total.

"The IM-RAT was used by individuals and organised crime groups in the UK to commit a range of offences beyond just the Computer Misuse Act, including fraud, theft and voyeurism," said Phil Larratt, NCA's National Cyber Crime Unit.

"Cyber criminals who bought this tool for as little as US$25 were able to commit serious criminality, remotely invading the privacy of unsuspecting victims and stealing sensitive data".

RATs are a type of malware that are often downloaded invisibly and usually include a backdoor that can be later exploited by the author to gain unauthorised access to a machine. Once installed, RATs can spread between machines, gradually forming a botnet to increase the amount of data the malware's distributor has access to.

Notable victims of IM-RAT include Russia-based IT service providers and an assortment of West African banks.

The total number of victims is unknown, however, it's believed at least tens of thousands of machines may have been exposed to the malware. Evidence suggests that personal details, passwords, private photographs, video footage and other sensitive data have been harvested as a result.

Law enforcement agencies were originally tipped off by the FBI which was working alongside cyber security outfit Unit 42 from Palo Alto Networks in 2017.

It's important to note that simply owning a license for the malware isn't illegal, and there are uses for it beyond criminal activity. Only when it's used it to break into computers and violate computer safety laws does it become a criminal offence.

"The offences enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which can have far-reaching privacy and safety consequences for those affected. These are real crimes with real victims," said Chris Goldsmid, acting commander cybercrime operations at the AFP.

Related Resource

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

"We now live in a world where, for just US$25, a cybercriminal halfway across the world can, with just a click of the mouse, access your personal details or photographs of loved ones or even spy on you," said Steven Wilson, head of the European Cybercrime Centre.

Unusually, Imminent Methods operated in the 'clearnet', which means it could be freely accessed by anyone using normal search engines. It's more common for cyber criminals to head to the dark web to buy and sell malware such as RATs where the seizure of the site is less likely to take place.

Interpol has long maintained that the hacking tools available to buy on the dark web are fuelling cyber crime, being one of the primary contributors to the rise of 'as a service' models.

More recently, the trend of ransomware as a service (RaaS) has been the tool of choice for cyber criminals due to the inexpensive price and high chance of profit.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is a Trojan?
Security

What is a Trojan?

14 Oct 2020
Bank-targeting malware disguises itself as video conferencing software
Security

Bank-targeting malware disguises itself as video conferencing software

19 Oct 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020

Most Popular

The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020