More Than 100 Arrested in RAT Peeping Tom Scheme

In news that would make anyone think twice about leaving the webcams on their laptops and phones uncovered, this week a global crackdown on peeping pervs resulted in the apprehension and arrest of over 100 hackers who were utilizing the Blackshade trojan to covertly spy on the webcams of unwitting victims from around the world.

According to documents filed in US District Court in Manhattan, Alex Yucel and Brendan Johnston have been charged with marketing, proliferating, and supporting the malware, while two others, Kyle Fedorek and Marlen Rappa, were condemned for purchasing it and using it to infect more than 400 people in a dozen different countries.

US Attorney Preet Bharara and the FBI have issued warnings that criminals were able to use Blackshades for everything from extortion to bank fraud, and it has become one of the world’s most popular remote administration tools, or RATs, used for cybercrime in just a few years.

“The RAT is inexpensive and simple to use, but its capabilities are sophisticated and its invasiveness breathtaking,” Bharara said. “For just $40, the BlackShades RAT enabled anyone anywhere in the world to instantly become a dangerous cybercriminal, able to steal your property and invade your privacy.”

In this case, while the trojan was still capable of standard malware practices like keylogging, cookie tracing, and using people’s own banking details against them, the ability to view the webcams of users without their knowledge far exceeded use of any of the other applications included in the RAT software.

Yucel, who is both the creator of Blackshade and its only distributor, employed a team of hackers to maintain the trojan, reportedly using the $350,000 in profit made off the crack to fund extravagant parties and lavish gifts for his close friends in his home country of Moldova. Yucel is currently in limbo while his extradition process is worked out by US officials, who have yet to convince the Maldovan government that his actions were enough to warrant shipping him stateside to be tried and sentenced for the crime.

Photo: MalwareBytes

A few months ago, we covered the most high-profile subject of these sultry surveillance operations–Miss Teen USA 2012 Cassidy Wolf–who last year was blackmailed by a California computer science student named Jared Abrahams after he used Blackshade to remotely take nude pictures of her through her Macbook’s iSight camera.

After obtaining the images, he then attempted to contact Cassidy in an effort to blackmail her, threatening to release the pictures to the public unless she paid him a hefty cash sum up front to keep them under wraps. Cassidy quickly went to the FBI after Abrahams sent her a Facebook message demanding the money, which kicked off the investigation that eventually led to Yucel and Johnston’s arrest just a few short weeks ago.

This recent roundup of international ne’er-do-wells just goes to show that if you give the wrong person a gun (especially for only $40 a pop), they’ll always look for the target that does the most damage first and only stop to think about the repercussions after it’s already too late.