As a result of a joint operation carried out simultaneously in several countries, cyber police blocked the Imminent Monitor Trojan. Europol, together with the law enforcement agencies of Colombia, Australia and several other countries, prevented the spread of the Trojan.
Cyber police officers managed to shut down the servers of the project, which was positioned as a legitimate utility but had all the functions of a RAT Trojan. According to investigators, more than 14 thousand users acquired the malware, and it was distributed in 124 countries, though members of criminal forums say the application circulated on twice that scale.
“The Imminent Monitor malware has been on the Web since 2013, but it gained the greatest fame a couple of years ago, after several key players left the market. Its price played no small role in the growth of the Trojan’s popularity: anyone could buy the RAT utility for $25,” report representatives of Europol.
The creators of the program presented it as a means of remote administration, but they advertised their development on hacker forums and other resources on the darknet.
The malware installed on the target device allowed the attacker to:
- receive images from web cameras;
- intercept keystrokes;
- remotely connect to the victim’s desktop;
- steal logins and passwords from multiple applications;
- listen to conversations in real time through a computer microphone;
- use an infected machine as a proxy server.
In April of this year, users of one of the hacker forums noticed that the author of the program, hiding under the pseudonym Shockwave, had not appeared on the resource for a long time. Participants in the criminal community suggested that law enforcement agencies had become interested in the attacker's activities. This was confirmed when searches of Imminent Monitor buyers’ homes began.
“The active phase of the operation began in the summer of 2019, when the cyber-police of Australia and Belgium received warrants for the arrest of the creator of the malware and one of his assistants. Currently, 13 of the most active users of the Trojan have been detained, 430 devices have been seized, and the rest of the equipment obtained during the raids is being examined,” say Europol representatives.
Investigative actions took place in the Czech Republic, Great Britain, Colombia, Poland, Spain, Sweden and the Netherlands.
The backend servers of the malware's site have been disabled, and a message about its blocking is now posted on the criminal web resource. According to law enforcement officials, Imminent Monitor buyers will no longer be able to use the application.