Two people have been arrested in Australia and the United States in connection with an alleged plan to develop and distribute a remote access Trojan called Hive RAT (formerly Firebird).
The US Department of Justice (DoJ) said the malware “gave malware buyers control over victims’ computers and allowed them to access victims’ private communications, their login credentials, and other personal information.”
A 24-year-old individual named Edmond Chakhmakhchyan (aka “Corruption”) from Van Nuys in Los Angeles, California, was taken into custody after he was caught selling a Hive RAT license to an undercover employee of a security agency.
He was charged with one count of conspiracy and one count of advertising a device as an eavesdropping device, each of which carries a sentence of five years in prison. Chakhmakhchyan has pleaded not guilty and was ordered to stand trial on June 4, 2024.
Court documents allege a partnership between the malware’s creator and the defendant under which the defendant would post ads for the malware on a cybercrime forum called Hack Forums, accept cryptocurrency payments from customers and offer product support.
Hive RAT is equipped with features to terminate programs, browse files, log keystrokes, access incoming and outgoing communications, and steal victims’ passwords and other credentials for bank accounts and cryptocurrency wallets from victims’ computers without their knowledge or consent.
“Chakhmakhchyan exchanged electronic messages with the buyers and explained to one of them that the malware ‘allowed the Hive RAT user to access another person’s computer without that person’s knowledge of the access,’” the DoJ said.
The Australian Federal Police (AFP), which announced its charges against a citizen for his alleged involvement in the creation and sale of Hive RAT, said its investigation into the matter began in 2020.
The unnamed suspect faces 12 charges, including one charge of producing data with intent to commit a computer crime, one charge of controlling data with intent to commit a computer crime and 10 counts of having provided data with the intent to commit a computer crime. The maximum penalty for each of these crimes is three years’ imprisonment.
“Remote access Trojans are one of the most damaging cyber threats in the online environment – once installed on a device, a RAT can give criminals full access and control of the device,” said AFP Acting Commander Cybercrime Sue Evans.
“This could include anything from committing crimes anonymously, observing victims through camera devices, wiping hard drives, or stealing banking credentials and other sensitive information.”
Nebraska man indicted in cryptojacking scheme
The development comes as federal prosecutors in the United States indicted Charles O. Parks III (aka “CP3O”), 45, for running a massive illegal cryptojacking operation, defrauding “two well-known cloud computing service providers” of over 3.5 million dollars in computing resources to mine nearly $1 million worth of cryptocurrency.
The indictment accuses Parks of wire fraud, money laundering and engaging in illegal monetary transactions. He was arrested on April 13, 2024. The charges of wire fraud and money laundering carry a maximum sentence of 20 years in prison. He also faces a 10-year prison sentence on charges of illegal monetary transactions.
While the DoJ does not explicitly state which cloud providers were targeted in the fraudulent operation, it noted that the companies are based in the cities of Seattle and Redmond, Washington, the corporate headquarters of Amazon and Microsoft.
“From approximately January 2021 through August 2021, Parks created and used a variety of names, corporate affiliations, and email addresses, including emails with domains of business entities operated by him […] to register numerous accounts with cloud providers and gain access to massive amounts of processing and storage power that he did not pay for,” the DoJ said.
The illicitly obtained assets were then used to mine cryptocurrencies such as Ether (ETH), Litecoin (LTC), and Monero (XMR), which were laundered through a network of cryptocurrency exchanges, a non-fungible token (NFT) market, online payment providers and traditional bank accounts to hide the trace of digital transactions.
The illicit proceeds, prosecutors said, were eventually converted into dollars, which Parks used to make various extravagant purchases that included a luxury Mercedes Benz car, jewelry, first-class hotels and travel expenses.
“Parks deceived providers into approving increased privileges and benefits, including elevated levels of cloud computing services and deferred billing, and deflected providers’ requests related to questionable data usage and increased unpaid subscription balances,” the DoJ said.