Notorious spy tool taken down in global operation

IM-RAT, which could be had for as little as US$25, was bought by nearly 15,000 people

Law enforcement authorities in a number of countries have broken up a cybercriminal operation that peddled a notorious Remote Access Trojan (RAT) capable of giving anyone with ill intentions total control over compromised machines, according to announcements by Europol, the United Kingdom’s National Crime Agency (NCA) and the Australian Federal Police (AFP).

If installed undetected, the insidious tool – dubbed ‘Imminent Monitor RAT’ (IM-RAT) – made it possible for the crook to “disable anti-malware software, carry out commands such as recording keystrokes, steal data and passwords and watch the victims via their webcams”, obviously all without the victim’s knowledge or consent.

The malware was sold for as little as US$25 via the now-removed website. As has been true in similar cases, IM-RAT was marketed as a legitimate remote desktop utility.

In all, the full-featured spy tool was bought by no fewer than 14,500 people in 124 countries, while its victims number in the tens of thousands. Importantly, according to the NCA, with the IM-RAT infrastructure now taken down, the malware can no longer be used by the buyers.

The takedown notice on the now-seized IM-RAT website

“The IM RAT was used by individuals and organized crime groups in the UK to commit a range of offenses beyond just the Computer Misuse Act, including fraud, theft and voyeurism. Cybercriminals who bought this tool for as little as US$25 were able to commit serious criminality, remotely invading the privacy of unsuspecting victims and stealing sensitive data,” said the NCA.

The clampdown was carried out in two stages. In June of this year, Australian and Belgian police raided the home of the tool’s developer and one of his employees. The second stage, which transpired last week, resulted in the arrests of 13 of the tool’s most prolific users in nine countries. A total of 85 search warrants were executed and more than 430 devices were seized.

The authorities were quick to highlight three of the most fundamental cyber-hygiene tips that go a long way towards keeping these kinds of threats at bay; so let’s reiterate them here – ensure that your operating system and software are always up-to-date, use reputable security software, and refrain from clicking on links or attachments in suspicious emails.

IM-RAT’s case brings echoes of similar global crackdowns, including one on another spy tool, called LuminosityLink, which was busted and whose creator was later sentenced to 30 months in jail.

3 Dec 2019 – 05:40PM
