Malware creator who compromised 10,000 computers arrested

The creator of a Remote Access Trojan (RAT), responsible for compromising more than 10,000 computers, has been arrested by law enforcement in Ukraine.

At the time of the arrest, the developer still had real-time access to 600 PCs. According to the announcement, the RAT could tell infected devices to:

  • Download and upload files
  • Install and uninstall programs
  • Take screenshots
  • Capture sound from microphones
  • Capture video from cameras

Once data was harvested by the RAT, some of it was put to further use: the police release mentions both account theft and the withdrawal of electronic funds from compromised balances.

Unfortunately, the release makes no mention of how the file was distributed, other than as “applications for computer games”. Bleeping Computer suggests that the campaign resembles malware distribution involving bogus YouTube videos promoting game cheats and modifications.

With this in mind, what can you do to try to avoid rogue files such as these?

Steering clear of bogus applications

Be careful of YouTube promotions. Avoid downloading newly advertised apps via sites such as YouTube. Genuine files are distributed from a handful of generally trusted locations, not from a video sharing platform. Anyone can upload a YouTube video and claim that it links to a genuine file. If the download is hosted on a free file hosting service, that is another sign to steer clear.

Be wary of sponsored search engine results. Anything at all can be lurking in the paid-for links sitting at the top of your search results. Imitation sites are a huge problem, not just for fake gaming mods and applications but for all manner of other software too. Those sites may direct you to fake adverts, survey scams, or even rogue installers filled with malware. Games and other popular forms of software are prime targets for these kinds of attacks.

Stick to trusted sources. If it’s a PC gaming mod you’re after, you’ll most likely obtain it from the Steam Workshop page linked to the game’s Steam page. Otherwise, it’ll be on Nexus Mods, which performs some degree of virus checking and has a large community that quickly flags rogue files.

Scan your files. It’s always worth taking a few moments to check whether anything bad is lurking in a download, using your trusted security tools. Many game-related infections reuse older, identifiable components, so the odds are in your favour.