BlackShades malware bust ends in nearly 100 arrests worldwide

Law enforcement agencies seize more than 1,000 computers, smartphones, and hard drives in a massive operation that goes after malware said to have "sophisticated" capabilities and "breathtaking" invasiveness.

Dara Kerr Former senior reporter

BlackShades provides users with this sample letter to send to victims when they take over a computer. Europol/blog.malwarebytes.org

Law enforcement officials from 19 countries joined forces over the last two days to take down nearly 100 alleged hackers. These purported hackers were said to be creating, selling, and using what the FBI calls a "particularly insidious" computer malware known as BlackShades.

Over the course of the operation, officials searched 359 houses and confiscated more than 1,100 data storage devices, such as computers, laptops, cell phones, routers, external hard drives, and USB memory sticks. Law enforcement also seized "substantial quantities" of cash, illegal firearms, and drugs, according to the European Union's law enforcement agency Europol.

BlackShades is a type of malicious software that acts as a Remote Access Tool, or RAT -- letting users remotely control a victim's computer. Once a hacker installs BlackShades onto a victim's computer, they can see anything on the computer, such as documents, photographs, passwords, banking credentials, and more. They can also deny access to files, record victims' keystrokes, and activate the computer's webcam.

One case of BlackShades use documented by Europol involved an 18-year-old man from the Netherlands who allegedly infected roughly 2,000 computers to take photos of women and girls who were using the machines.

Since 2010, BlackShades has been distributed and sold to thousands of people worldwide in more than 100 countries and used to infect more than half a million computers, according to the FBI. Certain versions of the malware can be bought for as little as $40.

"The RAT is inexpensive and simple to use, but its capabilities are sophisticated and its invasiveness breathtaking," Manhattan US Attorney Preet Bharara said in a statement Monday. "As today's case makes clear, we now live in a world where, for just $40, a cybercriminal halfway across the globe can -- with just a click of a mouse -- unleash a RAT that can spread a computer plague not only on someone's property but also on their privacy and most personal spaces."

In the US, the FBI unsealed an indictment on Monday against two men it's claiming developed BlackShades -- Swedish national Alex Yucel and US citizen Michael Hogue. The agency has also charged and arrested three other men who it says either sold BlackShades or used it on unsuspecting people's computers. The FBI said the malware generated sales of more than $350,000 between September 2010 and April 2014.

Countries involved in the BlackShades takedown operation included the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, US, Canada, Chile, Croatia, Italy, Moldova, and Switzerland.