Almost 100 alleged hackers, including 17 from the UK, have been arrested around the world for distributing and using the Blackshades remote access Trojan (RAT).
It follows a tip-off from the US Federal Bureau of Investigation (FBI) to Europol, the European Union’s policing agency set up to handle criminal intelligence, it’s criminal justice equivalent Eurojust, the UK’s National Crime Agency (NCA) and agencies in 14 other countries.
More than 300 properties were raided, and 97 hackers were arrested in the US, UK, Austria, Belgium, Canada, Chile, Croatia, Denmark, Estonia, Finland, Italy, Moldova, Netherlands and Switzerland. According to CNN, the co-creator of the Blackshades RAT was arrested in Moldova. Cash, firearms, drugs and more than 1,000 data storage devices were seized in the raids.
According to the NCA, 17 of the alleged hackers came from the UK, with raids occurring across the country.
The Blackshades RAT can be bought for £100 from the “right” places on the darknet. It can be used to remotely switch on a user’s webcam, and as a keystroke logger in order to steal user names and passwords, and to install other malware on their PCs.
It has also been used in connection with “ransomware”, malware that encrypts and locks a user’s hard-disk drive. The perpetrators demand money to provide the decryption key.
Blackshades is particularly pernicious as it can be hidden from anti-virus software by using obfuscated code. It had been distributed via the Neutrino exploit kit in 2013.
About 700,000 PCs worldwide are estimated to have been infected with the malware and the NCA claims that about 200,000 usernames and passwords for various online services have been extracted using Blackshades from users in the UK alone.
The arrests appear to have been well-targeted. Several users of the Hack Forums website, “your entry into the dark world of hacking”, report being raided by police.