RAT developer arrested for infecting 10,000 PCs with malware
Ukraine’s cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing as game applications.
“The 25-year-old offender was exposed by employees of the Khmelnychchyna Cybercrime Department together with the regional police investigative department and the SBU regional department,” reads the cyberpolice’s announcement.
“The man developed viral software, which he positioned as applications for computer games.”
At the time of the attacker’s arrest, he had real-time access to 600 infected computers, from which he could download files, steal credentials, drop additional payloads, install or delete programs, take screenshots, and capture audio or video from the computer’s microphone and cameras.
After collecting that data, the attacker accessed his victims’ accounts to steal “electronic funds.” It is unclear if that is online banking deposits or cryptocurrency assets.
It is unclear if the attacker limited himself to Ukrainian victims or if he targeted computers in other countries as well.
The police provided no details about how the hacker distributed the malware beyond disguising it as game applications. However, previous distribution campaigns for similar infections have relied on YouTube videos promoting game mods and cheats, Google Ads, malvertising, social media marketing campaigns, direct messages, and emails.
During the raid at the suspect’s house, the police found and confiscated equipment the malware operator used for carrying out the malicious acts.
The arrested individual now faces criminal charges under part 5 of Art. 361 of Ukraine’s Criminal Code, which covers unauthorized interference with the work of information (automated), electronic communication, information and communication systems, and electronic communication networks.
The maximum penalty for the above is 15 years of imprisonment.
Despite being embroiled in a bloody conflict with Russia since February 2022, Ukraine has shown remarkable resilience in combating cybercrime and maintaining law and order within its borders.
The country’s police force has been working hard to tackle a wide range of cybercrime, from taking down disinformation botnets and arresting ransomware operators to defending against complex cyberattacks on government and energy infrastructure organizations.