Melbourne Man Charged With Creating Global SpywarePolice Say Suspect Created the Imminent Monitor RAT at Age 15
The Australian Federal Police have charged a 24-year-old Melbourne man for allegedly creating global spyware purchased by over 14,500 individuals across 128 countries, with over tens of thousands of victims globally.
The officials allege that the man engaged with a network of individuals and sold the spyware, named Imminent Monitor, priced at as low as $25.
Once it is installed on a victim's computer, mainly using phishing, IM can be used to steal personal information or spy on individuals by turning on webcams and microphones
The spyware was also able to log key-strokes, which could give users access to see what was being written in victims' emails and other documents, such as the home address of a victim.
AFP Commander cybercrime operations Chris Goldsmid says that these types of malware are so nefarious because they can provide an offender virtual access to a victim's bedroom or home without their knowledge.
"One of the jobs for the AFP is to educate the public about identifying and protecting themselves from spear-phishing attacks or socially-engineered messaging, essentially emails or text messages that trick individuals into uploading malware," Goldsmid says.
The unnamed suspect is alleged to have created the Imminent Monitor RAT when he was just 15 years old, and is said to have sold this to domestic violence perpetrators and other criminals.
The AFP also identified the alleged Australian offenders who bought the RAT, as well as the Australian victims who were targeted.
The man faces six charges for his alleged role in creating, selling and administering the RAT between 2013 and 2019 and faces up to 20 years' imprisonment.
The officials believe there are over tens of thousands of victims globally. A total of 201 individuals in Australia bought the spyware, out of which 14 were respondents to domestic violence orders and one was listed on the Child Sex Offender Register.
The Australian Federal Police allege that the man earned between $300,000 and $400,000 from sales and spent "most of the money raised from allegedly selling the RAT paid for the man's food delivery services and other consumable and disposable items."
In addition, officials also arrested a 42-year-old woman who lives with the man at the same Melbourne residence. She is charged with dealing with the proceeds of crime to the value of $100,000 or more and now faces jail time up to 20 years.
Both were due to face the Brisbane Magistrates Court on Friday, however, the matter was adjourned until next month.
The police say that a worldwide operation called Operation Cepheus began when it received information from the cybersecurity firm Palo Alto Networks and the FBI about a suspicious RAT in 2017.
"The information sparked a global investigation, which included more than a dozen law enforcement agencies in Europe. Eighty-five search warrants were executed globally, with 434 devices seized and 13 people arrested for using the RAT for alleged criminality," the police says. "A team of five AFP cybercrime investigators worked on gathering critical intelligence as well as shutting down the RAT."
Upon successfully dismantling the RAT in 2019, it stopped operating on all devices across the globe.
In October 2019, the Australian Police also released an intelligence bulletin to Australian state and territory partners about a number of suspects in their jurisdictions.
At the same time, the police say they received evidence from overseas law enforcement agencies that enabled the arrest of the Australian man, which subsequently led to the investigation and execution of two search warrants in 2019 at the man's then home in Brisbane.
The Investigators also seized a number of devices including a custom-built computer that was containing code for the development and use of the RAT.
"This outcome is the culmination of years of collaboration between the AFP and its international partners, trawling through thousands of pieces of data to bring to account those who are responsible for breaching the privacy of innocent people," Goldsmid says.