Europol representatives reported 14 arrests in 8 countries and the takedown of the infrastructure of the Imminent Monitor malware, which had been active for the past six years.
The Imminent Monitor RAT was created back in 2013 by a malware developer called Shockwave. Like most other Remote Access Trojans (RATs), it was touted as a legitimate “remote control tool” for system administrators. However, it was advertised on hacker forums and was intended exclusively for cybercriminals.
Imminent Monitor did not gain much popularity in the early years of its existence, but when the authorities shut down other popular RATs (LuminosityLink, NanoCore, BlackShades, Orcus), their customers began to switch to Imminent Monitor. For example, in the summer of 2018, Fortinet experts noticed that this RAT was used in a campaign against Russian business.
Technically, Imminent Monitor was a very ordinary RAT and offered the following features:
- remote desktop management "with ultra-fast speed exceeding 50 FPS";
- management of remote webcams "at speeds above 60 FPS";
- real-time keylogging;
- listening to conversations in real time through a computer microphone;
- the ability to use infected devices as a proxy to hide the actions of a hacker against other targets;
- collecting and stealing passwords from a wide range of applications.
Prior to the law enforcement operation, Imminent Monitor was distributed through the site imminentmethods.net and was priced by its authors at only $25. According to Europol, over the years Imminent Monitor attracted more than 14,500 customers from 124 countries and was used to attack tens of thousands of users.
Law enforcement officials say that the operation to eliminate Imminent Monitor was divided into two stages. During the first phase of the operation, back in June 2019, Australian and Belgian police raided the homes of the malware's developer and one of his accomplices.
During the second phase of the operation, which took place last week, the authorities shut down the Imminent Monitor website and its internal servers, and arrested the author of the malware as well as the 13 most active users of this malicious tool.
Europol reports that the arrests were made in Australia, Colombia, the Czech Republic, the Netherlands, Poland, Spain, Sweden and the United Kingdom. In addition, searches were carried out at 85 different locations, and law enforcement officers seized 430 devices which, in their opinion, were used to distribute the malware. The UK's National Crime Agency was especially active: it accounted for 21 search warrants, 9 arrests and more than 100 confiscated devices.