16 arrested in European bust over RAT spyware

Europe's law enforcement agency has cracked down on the use of remote access trojans.
Written by Liam Tung, Contributing Writer

A European crackdown on the use of spyware has resulted in the arrest of 16 people across seven countries.

The arrests, announced by Europol late last week, were made in Estonia, France, Italy, Latvia, Norway, Romania, and the United Kingdom. They targeted people suspected to have used remote access tools (RATs) for cybercrime.

As Europol noted, while RATs are functionally similar to the administration tools used to provide remote support in corporate environments, the key difference is that with corporate tools, the end user grants permission to their computer. With RATs, victims' PCs typically become infected after unwittingly clicking on a malicious link purporting to be a video or picture.

Well-known RATs, such as Blackshades and DarkComet, pose a privacy and security threat to victims, with features that enable the controller to remotely activate the infected PC's webcam, steal banking credentials, and enable the system to participate in denial-of-service attacks.

The UK's National Crime Agency (NCA) on Friday announced the arrests of five people accused of using RATs, while another suspect was brought in for questioning.

"The illegal use of Remote Access Trojans is a significant cybercrime threat, demanding this kind of strong, coordinated response from international to local UK level," Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said in a statement.

"Suspected users of RATs are continuing to find that, despite having no physical contact or interaction with their victims, they can still be identified, tracked down and arrested by the NCA and its partners."

The arrests in Europe follow an international crackdown on RATs earlier this year that resulted in the apprehension of more than 100 people linked to the sale, distribution, and use of Blackshades, which was estimated to have had 6,000 customer accounts. Accounts were sold for between $40 and $50.

Blackshades has been used for a variety of tasks, ranging from credit card theft to politically motivated attacks.

A US beauty pageant winner drew attention to the risk of RAT attacks last year, going public about her extortion ordeal at the hands of a hacker who had compromised her computer. The victim was surprised that the hacker was able to turn on her PC's webcam without the camera's light being activated.  

Europol said the current arrests were in part to inform the public about the threat posed by RAT malware. The agency expects to continue similar operations next year.

Read more on this story

Editorial standards