In a joint international effort led by the Australian Federal Police (AFP) law enforcement agencies from all over the world have dismantled the global organized cybercrime network behind Imminent Monitor RAT (IM-RAT), a hacking tool that allows threat actors a remote access to targeted computers.
Once installed, the RAT allows cybercriminals to fully control the victim’s computer: to disable anti-virus and anti-malware software, run different commands such as recording keystrokes, steal data and passwords and spy on victims via their webcams. IM-RAT is considered a serious threat due to its functionality, ease of use and a low cost of as little as $25 with lifetime access.
The operation was aimed at both buyers and sellers of the IM-RAT, which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor has also been sized as part of this operation, making the tool unavailable to those who bought it.
According to a Europol’s statement, the operation was conducted in two stages – one occurred in June 2019, when authorities in Australia and Belgium issued search warrants against the developer and one employee of IM-RAT. The second stage took place in November resulting in the takedown of the Imminent Monitor infrastructure and the arrest of 13 of the most prolific users of IM-RAT in Australia, Colombia, Czechia, the Netherlands, Poland, Spain, Sweden and the United Kingdom. The police also seized over 430 devices it believes were used in malware operations.