AFP Traps RAT Developer

An Australian man and a man based in the US will appear in court, following an international investigation into the creation and sale of a global Remote Access Trojan (RAT).

The AFP investigation commenced in 2020 and received significant assistance from the Federal Bureau of Investigation (FBI).

The RAT was allegedly initially marketed under the name 'Firebird', providing users with the ability to remotely access and control their victims' computers without their knowledge.

The AFP will allege the Australian man developed and sold 'Firebird' to thousands of customers, including dozens of Australians, on a dedicated hacking forum.

AFP officers yesterday (11 April, 2024) served the Australian man with a court attendance notice for twelve counts of computer offences:

  • One count of produce data with intent to commit a computer offence, contrary to section 478.4(1) of the Criminal Code 1995 (Cth);
  • One count of control data with intent to commit a computer offence, contrary to section 478.3(1) of the Criminal Code 1995 (Cth); and
  • 10 counts of supply data with intent to commit a computer offence, contrary to section 478.4(1) of the Criminal Code 1995 (Cth). Nine of these charges relate to the alleged joint enterprise with the US man.

The maximum penalty for each of these offences is three years' imprisonment. The Australian man is scheduled to appear in Downing Centre Local Court on 7 May, 2024.

As part of the investigation led by the FBI in the US, an alleged co-offender based in Los Angeles was arrested yesterday (11 April, 2024) and charged with one count of conspiracy and one count of advertising a device as an interception device.

The investigation included the AFP, the Commonwealth Director of Public Prosecutions (CDPP), the FBI and the US Attorney's Office for the Central District of California.

AFP Acting Commander Cybercrime Sue Evans said cybercrime was the break and enter of the 21st century and police continued to see the number and cost of cybercrimes in Australia increase dramatically.

"ReportCyber received nearly 94,000 cybercrime reports last financial year, a 23 per cent increase from the year prior," Acting Commander Evans said.

"Remote Access Trojans are one of the most harmful cyber threats in the online environment - once installed onto a device, a RAT can provide criminals with full access to, and control of the device.

"This could include anything from committing crimes anonymously, watching victims through camera devices, wiping hard drives, or stealing banking credentials and other sensitive information.

"While cybercriminals may think they can safely and anonymously operate online, these charges demonstrate that the virtual world does not stand as a barrier against the long arm of the AFP.

"The AFP continues to cooperate with foreign and domestic law enforcement partners to address RATs and has participated in global action against malware developers in a number of overseas jurisdictions."

Tips to protect yourself from RAT malware

Be aware of the infection signs:

  • Your internet connection is unusually slow;
  • Unknown processes are running in your system (visible in the Process tab in Task Manager);
  • Your files are modified or deleted without your permission;
  • Unknown programs or applications are installed on your device (visible in the Add or Remove Programs tab in the Control Panel).

Protect yourself:

  • Ensure your security software and operating system are up to date;
  • Ensure your device's firewall is active;
  • Only download apps and software from sources you can trust;
  • Cover your webcam when not in use;
  • Regularly back up your data;
  • Be wary while browsing the internet and do not click on suspicious links, pop ups or dialogue boxes;
  • Keep your web browser up to date and configured to alert if a new window is opened or anything is downloaded;
  • Do not click on links and attachments within unexpected or suspicious emails.

What to do if infected with the malware:

  • Disconnect your device from the network as soon as possible, in order to prevent additional malicious activity;
  • Install security software from a trustworthy source;
  • Run a full scan of your device and remove threats by using a security software;
  • Once you think the infection has been removed, change the passwords for your online accounts and check your banking activity. Report anything unusual to your bank and, as needed, to the Report Cyber website;
  • Learn how to protect your device from future infections and avoid data loss.

Watch the AFP's cybercrime prevention videos and protect yourself from being a victim of cybercrime.

If there is an immediate threat to life or risk of harm, call 000.

If you are a victim of cybercrime, report it to police using Report Cyber.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.