The operation has taken down a hacking tool that gave cybercriminals full remote control of a victim’s computer. The successful outcome was the result of an international law enforcement operation targeting the sellers and users of the Imminent Monitor Remote Access Trojan (IM-RAT).
The investigation, led by the Australian Federal Police (AFP), with international contributions coordinated by Europol and Eurojust, resulted in an operation involving numerous judicial and law enforcement agencies in Europe, Colombia and Australia.
The coordinated activity of these law enforcement agencies has ended the availability of this software tool, which was used in at least 124 countries and sold to more than 14,500 buyers. IM-RAT can no longer be used by those who bought it.
The investigation began several months ago, and in June 2019 search warrants were executed against IM-RAT developers in Australia and Belgium. An international week of actions took place in November, resulting in the takedown of the Imminent Monitor infrastructure and the arrest of the 13 most prolific users of the RAT. Furthermore, 430 devices were seized during the operation and will now undergo forensic analysis.
This insidious RAT, once installed undetected, gave cybercriminals free rein to control the victim’s machine remotely. Hackers were able to disable anti-virus and anti-malware programmes, carry out commands such as recording keystrokes, steal data and passwords and watch the victims via their webcams, all without the victim’s knowledge.
This RAT was considered a dangerous threat due to its features, ease-of-use and low cost. Anyone with the nefarious inclination to spy on victims or steal personal data could do so for approximately US$25.
The global scope and technical nature of this type of crime mean that effective cooperation and coordination between all the relevant actors are crucial for combating it and overcoming obstacles to investigations.
Victims are believed to number in the thousands, with investigators having already identified evidence of stolen personal details, passwords, private photographs, video footage and data.
The public and businesses can take simple steps to protect themselves from this type of malware, for example:
• Update your software, including anti-virus software.
• Install a good firewall.
• Don’t open suspicious attachments or emails, even if they come from people on your contact list.
• Create strong passwords.