International Crackdown on IM RAT Spyware

man behind laptop

A UK man was jailed yesterday as part of an international operation to crackdown on Remote Access Trojans (RAT). RAT Spyware takes total control of victims’ computers to steal personal details, login credentials and video footage.

Operation to Shut Down IM RAT Spyware

An international coordinated operation was started back in June 2019 to shut down the RAT Imminent Monitor (IM). The operation culminated last week with raids in Australia, Colombia, the Czech Republic, the Netherlands, Poland, Spain, Sweden and the UK. It targeted both the sellers and users of IM RAT.

The operation was led by the Australian Federal Police and was coordinated internationally by Europol. According to Europol, some 13 of the RAT’s “most prolific users” were arrested and 430 devices were seized.

RAT spyware is believed to have been used in 124 countries and sold to more than 14,500 buyers. It was hugely popular because it was easy to use, with buyers not needing to be technically knowledgeable to use it. Furthermore, it had a relatively low selling price of just US $25.

The number of victims are believed to be in the tens of thousands. Investigators have already found evidence of stolen personal details, passwords, private photographs and video footage.

The coordinated operation has now ended the availability of IM RAT. Furthermore, the IM RAT spyware can no longer be used by those who have already bought it.

Perpetrator Arrested in the UK

In the UK 21 search warrants were issued, which led to the arrest of nine individuals and the recovery of 100 items.

As part of the UK operation, a Merseyside man Scott Cowley, was arrested and sentenced yesterday to two years in prison. He infected innocent victims’ computers with IM RAT to take control of their webcams and watch them.

Arresting officers found a number of folders on Cowley’s computer containing recordings of his victims. The folders apparently contained images and videos of the women undressing and during intimate moments, including sex.

The police had little trouble tracking down Cowley as he reportedly purchased the RAT spyware using a PayPal account linked to his real name and email address. Stuart Mills, defending Cowley said: “… it’s surprising it’s so freely available for sale and purchase because there was no sophistication here – it was purchased with this defendant’s PayPal account and he was readily identified.” He added: “This defendant himself is not a particularly sophisticated individual.”

What is a RAT?

A Remote Access Trojan (RAT) is malware that allows hackers to monitor and control a victim’s computer or network. It works like legitimate remote access programs often used by technical support to help customers with computer issues.

However, while legitimate remote access programs are used for technical support and file sharing, RATs are used for spying, hijacking computers and stealing confidential information.

RATs are usually downloaded with a program requested by the victim or sent as an email attachment. They are difficult to detect as they don’t slow down an infected computer. They also do not show up in lists of programs or tasks running on the computer. Unless a hacker gives themselves away by deleting files or moving the cursor around on the screen, victims could be infected by a RAT for years without noticing.

What is the Purpose of RATs?

RATs give hackers administrative access to infected computers. Thus, hackers could wipe a victim’s computer or perform illegal actions online in the victim’s name. They could steal information such as login credentials and online bank account or social security details. A hacker could also use a RAT to take control of a victim’s computer and make it part of a botnet.

Furthermore, RATs used for spying are becoming increasingly popular. They take control of victims’ webcams and use the resulting videos or images for blackmail or other improper purposes. Some RATs don’t even activate the webcam’s indicator light, so victims are unaware they are being watched.

Avoiding RAT Spyware

The public and businesses can follow simple steps to help protect themselves from RAT spyware. Such steps include:

  • Installing and keeping updated effective antivirus software
  • Avoiding downloads of programs or apps that are not from a trusted source
  • Taking care before clicking on links in emails – they may be phishing
  • Taking care before opening attachments in emails, even if they seem to be from known persons
  • Avoiding suspicious websites
  • Covering webcams when not in use, whether it is a built-in or clip-on device
Information technology expert
Grace is an information technology expert who joined the VPNoverview team in 2019, writing cybersecurity and internet privacy-based news articles. Due to her IT background in legal firms, these subjects have always been of great interest to her.