An Australian Federal Police operation in conjunction with peer international agencies and Europol has shuttered commercial access to the Imminent Monitor Remote Access Trojan (IM-RAT), with the malware allegedly being commonly used to stalk domestic violence victims, authorities say.
According to an AFP statement, the “Australian-led operation” was spearheaded by the national force’s Cybercrime Investigations teams “with international activity coordinated by Europol” and “more than a dozen law enforcement agencies in Europe and Australia.”
The swoop is indicative of the broadening use of Trojans into the general surveillance software market that is commonly pitched at monitoring partners, children, family members and employees outside the more mainstream identity theft and fraud applications.
The AFP said the IM-RAT software “allowed a remote user to access and view documents, photographs and other files, record all the keystrokes entered and even activate the webcam on the victim’s computer – all of which could be done without the victim’s knowledge. “
“In Australia, a number of the IM-RAT purchasers are known to be respondents to domestic violence orders. Mobile service centres have also been targeted by IM-RAT users, demonstrating the broad range of criminal applications this malware can be used for,” the AFP said.
The operation followed a referral from the US Federal Bureau of Investigation “and the threat intelligence team Unit 42 at Palo Alto Networks,” the AFP said.
A major issue for authorities is that there is a legal grey area that unscrupulous software distributors can exploit as cover for their activities despite end purposes often being cybercrime.
“While not all uses of IM-RAT are illegal and owning a licence is not a criminal offence, the malware can be used for illegal purposes, such as gaining remote user complete access to a potential victim’s computer,” the AFP said.
Australian authorities estimated that the network under pinning IM-RAT’s distribution network was spread across 124 countries.
Sales records accessed in the swoop showed “there may more than 14,500 buyers” with the Trojan advertised “via a website dedicated to hacking and the use of criminal malware” with a licence costing as little as $US25, the AFP said.
Which, on the surface, suggests overt malware marketing tactics coupled with a payments left out in the open will get your door kicked in by the Feds who are clearly intent on disrupting what could otherwise be a blossoming market.
“The offences enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which can have far reaching privacy and safety consequences for those affected. These are real crimes with real victims,” AFP spokesperson Acting Commander Cybercrime Operations Chris Goldsmid said.