The Canadian Radio-Television and Telecommunications Commission (CRTC) fined Orcus Technologies 115,000 Canadian dollars (approximately 87,000 US dollars). Orcus Technologies sells and advertises the Orcus Remote Administration Tool (RAT), but information security experts have long noted that many of its functions are more characteristic of malware than of a legitimate commercial product.
According to an investigation conducted by the CRTC together with experts from the Royal Canadian Mounted Police (RCMP), Orcus Technologies was founded in March 2016 by a Toronto man named John Paul Revesz, also known by the pseudonyms Siriis McGraw, Armada and Angelis, and a German named Vincent Leo Griebel, also known as Sorzus.
Griebel was directly involved in developing the malware, while Revesz handled marketing, sales and support. Online, Orcus was sold under the guise of a conventional remote administration tool, similar, for example, to TeamViewer.
CRTC representatives write that they were able to establish that Orcus RAT was not an ordinary remote administration tool, as its creators claimed. According to the investigation, Griebel and Revesz sold Orcus RAT and helped attackers install it on other people's machines without the users' consent. In addition, the duo supported the operation of a dynamic DNS (DDNS) service that helped the malware communicate with infected hosts without revealing the attackers' real IP addresses.
However, a fine is not the worst threat facing the developers of Orcus RAT. In November 2019, the RCMP opened a criminal case against Revesz. Law enforcement officials write that they began investigating Orcus Technologies back in July 2016, when Orcus RAT first appeared on the radar of information security experts.
Recall that at the end of March 2019, Canadian law enforcement officers conducted a search targeting John Revesz, and he then warned that several hard drives with data about Orcus Technologies' business and operations had been seized from him during the search. Among other things, these drives contained information about users, including their usernames and real names, as well as data on financial transactions. Revesz believed that Canadian law enforcement officers were taking part in an international investigation that also involved authorities in the United States, Germany, Australia, and probably other countries.
The developer emphasized that the authorities had not gained access to the user and license database, or to his main work laptop and tablet. Despite this, he warned all Orcus users (of both licensed and cracked versions) that the RAT could no longer be considered a safe solution and that they should switch to another remote access tool as soon as possible.
Shortly after these events, Australian law enforcement officers received several individual orders, supposedly targeting Orcus RAT buyers. Complaints about police raids also appeared on HackForums, where Orcus RAT had previously been advertised often.
CRTC representatives now claim that they have a list of Orcus RAT buyers based in Canada and other countries, and law enforcement agencies intend to continue working in this direction.
Photo: ZDNet