Authorities seized a RAT developer for infecting thousands of PCs

March 28, 2023

Ukrainian cybersecurity law enforcement authorities have arrested a RAT developer whose malware infected more than 10,000 devices. The remote access trojan posed as game applications and compromised numerous users.

According to reports, employees of the Khmelnychchyna Cybercrime Department reported the 25-year-old developer, which led to his arrest by the regional police investigative department and the SBU regional department.

 

The 25-year-old RAT developer created an application for computer games.

 

According to investigators, the RAT developer had real-time access to approximately 600 infected devices at the time of his arrest. The accused could download files, steal credentials, install or delete programs, capture screenshots, drop additional malware strains and intercept sound and video from the compromised devices.

After collecting data via the RAT, the attacker could then access his victims’ accounts to steal assets. However, authorities have not confirmed whether the attacker actually went on to take online banking documents and crypto funds.

Moreover, Ukrainian law enforcement is still confirming whether the arrested individual also targeted computers in countries other than Ukraine.

The police did not provide information regarding how the hacker disseminated the malware other than as an application. However, researchers believe the actor could have adopted standard distribution campaigns, such as YouTube video promotions, Google Ads, social media marketing, phishing emails, and malvertising.

The equipment the hacker used to carry out the attacks was also found and confiscated during the raids.

The 25-year-old RAT developer faces criminal charges for violating part 5 of Article 361 of Ukraine’s criminal law.

Therefore, the attacker could face a maximum penalty of about 15 years of imprisonment. Ukraine has still shown resilience and proactiveness in battling cybercriminal behaviour within its territory despite being constantly attacked by the Russian military since last year.

The country intends to keep its cybersecurity landscape as clear of threats as possible, since it has constantly dealt with outside threats, especially Russian hackers.
