AFP leads takedown of ‘Imminent Monitor’ RAT

Use of IM-RAT disabled, AFP says

AFP raid targeting IM-RAT distribution.
Australian Federal Police

Australian Federal Police’s Cybercrime Investigations teams have led an operation targeting the Imminent Monitor Remote Access Trojan. As a result, use of IM-RAT has been disabled, according to the AFP.

A statement from the AFP said that an international investigation, coordinated by Eurojust and Europol, revealed details of a network supporting distribution and use of IM-RAT across 124 countries.

The AFP said that, locally, purchasers of the software included people who were respondents to domestic violence orders.

The investigation was sparked by a 2017 referral from the FBI and Palo Alto Networks’ Unit 42.

The investigation drew in the Belgium Police, New Zealand Police, National Police Corps of the Netherlands, the United Kingdom’s National Crime Agency, and the North West Regional Crime Unit.

An international week of action led to the domain being seized, and 13 people arrested. Some 85 warrants have been executed and 434 devices such as laptops, phones and servers have been seized, according to the AFP. No arrests have taken place in Australia.

More than 14,500 people are believed to have purchased IM-RAT, according to sales records. An IM-RAT licence cost as little as US$25.

“We now live in a world where, for just US$25, a cybercriminal halfway across the world can, with just a click of the mouse, access your personal details or photographs of loved ones or even spy on you,” the head of Europol’s European Cybercrime Centre (EC3), Steven Wilson, said in a statement.

“The global law enforcement cooperation we have seen in this case is integral to tackling criminal groups who develop such tools. It is also important to remember that some basic steps can prevent you falling victim to such spyware: We continue to urge the public to ensure their operating systems and security software are up to date.”

Europol said that search warrants were executed in Australia and Belgium in June against the alleged IM-RAT developer and an employee.

“The offences enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which can have far-reaching privacy and safety consequences for those affected. These are real crimes with real victims,” AFP spokesperson Acting Commander Cybercrime Operations, Chris Goldsmid, said.

The criminal use of malware is an offence under the Commonwealth Criminal Code Act 1995, although owning an IM-RAT licence is not against the law, according to the AFP.

In March, the AFP said it had searched a property in Lara, north of Geelong, as part of an international malware investigation coordinated with the Royal Canadian Mounted Police (RCMP), the Canadian Radio–television and Telecommunications Commission (CRTC) and the FBI.


Copyright © 2019 IDG Communications, Inc.
