In what we can only hope is a sign of things to come, law enforcement around the world showed unprecedented cooperation in shutting the shades on a gang responsible for creating and sharing a nasty piece of malware that was spreading rapidly around the world.
The malware is known as Blackshades, and was allegedly created by a 24-year-old Swedish man who ran his malware operation like a legitimate business. The entrepreneur was very committed to making his malware as popular as possible, hiring a marketing director, customer service representatives, and a customer service manager.
His Blackshades creation is not one piece of malware but more of a collection, with the most dangerous being the Blackshades RAT, or Remote Access Trojan. RATs are particularly dangerous because as the name suggests, they allow the hackers to maintain remote control over the Trojan while it’s on an infected computer.
And according to an FBI statement, those capabilities were impressive. “After installing the RAT on a victim’s computer, a user of the RAT had free rein to, among other things, access and view documents, photographs and other files on the victim’s computer, record all of the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim – all of which could be done without the victim’s knowledge.”
The Blackshades kit was widely available and costing as little as just $40. Which might explain why the FBI estimated that it was purchased thousands of times, used in hundreds of countries, and infected more than a million computers worldwide.
One of those victims was Cassidy Wolf, Miss Teen USA 2013. The 19-year-old was targeted in a sextortion case by a 20-year-old from California. This hacker was one of the many who purchased and used Blackshades, and once he had infected the computer of the beauty queen he notified her that he had taken control of her camera, had used her webcam to take a series of compromising photographs of her, and would publish those photos unless she provided him with more photos and videos.
The victim wisely opted instead to go to the police and the hacker was recently sentenced to 18 months in jail. Investigators said that this one amateur hacker, who was studying computer science and went to the same high school as the victim, had more than 150 computers under his control using Blackshades when he was arrested.
In order to reign in the spread of the malware, which was ideally suited as a business espionage tool, the FBI enlisted the help of law enforcement in 18 countries. In a coordinated series of raids, 40 FBI field offices conducted around 100 interviews, more than 300 searches, seized nearly 2,000 web domains, and made nearly 100 arrests.
So how do you know if your computers have been infected by the Blackshades RAT? Blackshades is only known to infect Windows computers and the FBI suggests you keep an eye out for the following tell-tale signs:
- Mouse cursor moves erratically with no input from user
- Web camera light (if equipped) unexpectedly turns on when web camera is not in use
- Monitor turns off while in use
- Usernames and passwords for online accounts have been compromised
- Unauthorized logins to bank accounts or unauthorized money transfers
- Text-based chat window appears on your computer’s desktop unexpectedly
- Computer files become encrypted and ransom demand is made to unlock files.
In case you need reminding, malware is getting more sophisticated and the people behind it more determined. Constant vigilance, and the best security tools, are your best defense against an unpleasant infestation. To get a free consultation on how to implement these types of tools contact SiteLock today at 877.563.2791.