Law enforcers from across the globe sprung into action late last week to arrest users of a remote access tool (RAT) known as “Blackshades”.
The malware can be bought legally and put to use for tasks such as remotely accessing a home PC from elsewhere. However, it has increasingly been bought by hackers with a view to logging keystrokes and accessing data on victims’ hard drives.
The FBI led the charge against users of the malware, who purchased Blackshades from an underground marketplace known as “bshades.eu”, according to the Wall Street Journal.
The US charges are still sealed although it is thought that details of the raids – designed to smash a ring of international hackers – could be made public as early as today.
Police in Germany, the UK, the Netherlands and elsewhere are also thought to have raided the homes of Blackshades users.
The blackshades.eu site has also been taken offline now.
Lamar Bailey, director of security R&D at Tripwire, revealed that various versions of the software are available online for $40-100, depending on the variant.
He added that the multi-pronged, international law enforcement effort to target Blackshades users could be an effective strategy.
“If the various law enforcement agencies arrest people who give up access to the command and control servers law enforcement can try to upload new versions of Blackshades that would neuter many of the versions in the wild and this could be an effective eradication program,” Bailey said.
“The agencies could also want to use the malware to spy on some criminals, terrorist, or enemies of the state that are infected.”
Symantec revealed in November last year that hundreds of C&C servers were being used to gather credentials from computers as part of a resurgent Blackshades campaign, despite one of the authors of the malware having been arrested in 2012.