Last week, law enforcement officials from multiple countries worked together to confiscate a domain used by cybercriminals to sell malware. The malware allowed perpetrators to take control of affected computers and steal various forms of information. During the operation, Croatian prosecutors arrested a man who was believed to be the website’s administrator. Croatian authorities plan to press charges against him.
The website sold Netwire Remote Access Trojan (RAT), a remote access toolkit that can be used to manage computers remotely. However, cybercriminals typically use RATs to break into networks and establish backdoors to maintain access. While the website advertised Netwire as a legitimate tool for IT infrastructure management, an affidavit claims that it is malware used for malicious purposes. Consequently, the software was marketed in underground forums, and numerous cybersecurity companies and government agencies have reported cases where the Netwire RAT was used for criminal activities.
The FBI began investigating the worldwidelabs website in 2020. They created an account and subscribed, as well as a custom version of the Netwire RAT using the builder tool provided. The recent crackdown on Netwire-RAT masterminds occurred because of the close cooperation of US prosecutors with Croatian and other global partners. The FBI’s Los Angeles field office, the Croatian Ministry of the Interior, the Directorate of Criminal Investigation, the Zurich Cantonal Police in Switzerland, the Europol European Cybercrime Center, and the Australian Federal Police have all investigated the matter.
Meanwhile, cybercriminals continue to be targeted, and their IT infrastructure is being repeatedly shut down. For example, a Dutchman was recently arrested for selling Austrian population registers and medical records. It’s a reminder that cybercrime has serious consequences, and law enforcement from multiple countries is committed to tracking down perpetrators and bringing them to justice.