Authorities arrested a malware developer from Australia after developing and selling the Imminent Monitor RAT (remote access trojan) to threat actors on the dark web, utilised for spying on victims.
The trade of RAT variants on underground forums is quite a popular activity between malware developers and threat actors since RATs offer a wide array of features ideal for effectively spying on victims remotely.
One of these RAT developers had been captured by the Australian Federal Police (AFP), a 24-year-old man who allegedly had created the Imminent Monitor (IM5) software and sold it online.
Based on the authorities’ investigations, the suspect had sold the malicious tool to over 14,500 clients worldwide. The AFP also released a statement explaining that most of the RAT’s buyers are criminal offenders, including those with records of domestic violence and child exploitation violators.
In about nine years of trading the Imminent Monitor RAT on the dark web, the suspect had allegedly made approximately 300,000 to 400,000 dollars in total profit. Furthermore, six charges were imposed against the Australian suspect with a maximum imprisonment of 20 years.
The suspect, who hides under a username of ‘ShockWave,’ was 15 years old in 2013 when he began developing and promoting the Imminent Monitor RAT. It also has a dedicated website offering the malicious tool for $25 for lifetime access.
However, in April 2019, some of ShockWave’s partners noticed his inactivity, worrying that the authorities could have seized him. The suspect’s name had made headlines in November of the same year when Europol announced the seizure of about 430 devices involved in the malicious operations of the sophisticated RAT software, alongside the malware’s website shut down.
The recent raid against the RAT’s operation included arresting 13 other malware users and a Belgium-based employee. The Australian police had also dismantled the Imminent Monitor RAT platform after receiving intelligence about the main developer’s whereabouts.
