Europol coordinates law-enforcement takedown of RAT able to control victims' PCs.

News by SC Staff

Imminent Monitor Remote Access Trojan (IM-RAT) targetted in an international law enforcement takedown of Rat used across 124 countries and sold to more than 14,500 buyers - for less than £20 each.

85 Sellers and users of the Imminent Monitor Remote Access Trojan (IM-RAT) have been targetted in an international law enforcement operation led by the Australian Federal Police (AFP), coordinated by Europol and Eurojust, together with judicial and law enforcement agencies in Europe, Colombia and Australia.

The resultant takedown has ended availability of this hacking tool which was able to give full remote control of a victim’s computer for less than £20; it is reported to have been used across 124 countries and sold to more than 14,500 buyers. IM-RAT can no longer be used by those who bought it.

Search warrants were executed in Australia and Belgium in June 2019, and an international week of actions undertaken in November, resulting in the takedown of the Imminent Monitor infrastructure and the arrest at this stage of 13 of the most prolific users of this Remote Access Trojan (RAT). More than 430 devices were seized and forensic analysis of the large number of computers and IT equipment seized continues.

Australia, Colombia,  Czechia, the Netherlands, Poland, Spain, Sweden and the United Kingdom were involved.. 

This RAT allowed hackers to disable anti-virus and anti-malware software, carry out commands such as recording keystrokes, steal data and passwords and watch the victims via their webcams, all  without a victim’s knowledge.

Steven Wilson, head of Europol’s European Cybercrime Centre (EC3), said: ‘We now live in a world where, for just US$25, a cyber-criminal halfway across the world can, with just a click of the mouse, access your personal details or photographs of loved ones or even spy on you. The global law enforcement cooperation we have seen in this case is integral to tackling criminal groups who develop such tools. It is also important to remember that some basic steps can prevent you falling victim to such spyware: we continue to urge the public to ensure their operating systems and security software are up to date.’

Daniela Buruiana, National Member for Romania at Eurojust and Chair of its Cybercrime Team, adds: ‘The cyber-criminals selling and using the IM-RAT affected the computers of tens of thousands of victims worldwide. We would like to thank all the judicial and law enforcement authorities involved for the excellent results achieved in this operation. These authorities have shown an extremely high level of commitment and legal and technical expertise. Effective cooperation and coordination among all the relevant actors are vital in overcoming the obstacles to investigations due to the global scale and technical sophistication of this type of crime.’

Steps to avoid falling victim to such malware, include:

  • Update your software, including anti-virus software;

  • Install a good firewall;

  • Don’t open suspicious e-mail attachments or URLs – even if they come from people on your contact list; and

  • Create strong passwords.

Also see Europol’s Remote Access Trojans crime prevention advice.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews