Called Imminent Monitor (IM), users could monitor and control users’ computers, spy on them using the device’s webcams and microphones, and record keystrokes to record passwords or communications.
It can be installed on victims’ computers by tricking them into clicking a malicious link sent by email or text message – a tactic that has led to such tools being branded as stalkerware because they prefer domestic violence.
“This kind of malware is so nefarious because [they] can give an offender virtual access to a victim’s bedroom or home without their knowledge,” said Chris Goldsmid, the cybercrime commander of the Australian Federal Police (AFP), while the arrest was being made. announced.
The investigation not only identified the alleged author of IM – Frankston man Jacob Wayne John Keenwho was only 15 years old when he wrote the program in 2013, but he was able to identify the 201 Australian individuals who bought the program and the 44 Australian victims that were targeted.
Fully 14.2% of the application’s buyers have been named as respondents to domestic violence orders — a “statistically high percentage,” the AFP notes — and one is currently registered on the sex offender registry.
“Unfortunately,” Goldsmid said, “there are criminals who use these tools not only to steal personal information for financial gain, but also for highly intrusive and despicable crimes.”
The AFP “believes there are tens of thousands of victims worldwide,” the agency said, noting that analysis found that the man spent most of the proceeds of the $35 ($25) application on food delivery services and other “consumer benefits.” and disposable items.”
Another victory for researchers
The indictment against Keen is a victory for investigators, who spent several years working with international colleagues on Operation Cepheus after being warned in 2017 by the US FBI and cybersecurity firm Palo Alto Networks about a “suspicious” new RAT.
The two-year study included five AFP cybercrime investigators and led to the removal of IM in November 2019, with authorities from a dozen authorities in eight countries working together to shut down the system.
Keen is said to have written the program in his Brisbane bedroom and now lives in Frankston, Melbourne.
At the time, search warrants on his former home “uncovered a number of devices, including a custom computer with code consistent with the development and use of the RAT,” the AFP said.
He faces up to 20 years in prison after being charged on six counts, including committing a computer violation, unauthorized alteration of data to cause harm, and trafficking the proceeds of crimes worth $100,000 or more.
“This result is the culmination of years of collaboration between the AFP and its international partners,” Goldsmid said, “coming through thousands of pieces of data to hold accountable those responsible for violating the privacy of innocent people.”
While buying the RAT is not illegal, the AFP noted, it is a crime to install the software on a victim’s computer without their permission.
A recent analysis found that “smug” Australians are particularly vulnerable to using such software, with the ubiquity of the devices — and in particular Apple’s iOS reputation as intrinsically safe — making them less attuned to potential threats.
Yet the volume of such threats has escalated in recent years, with telcos recently forced to block the deluge of fake shopping offers and delivery notices that malware authors use to trick their victims into installing RATs and other malware.
Stalkerware detections hit record highs in 2021, but fell in the second half of the year, according to security firms Kaspersky and Malwarebytes — who hypothesized that the rise was due to real-world restrictions that had prompted many domestic abusers to use the apps to track their physically separated victims.
In a recent Kaspersky study21% of respondents said they suspect an intimate partner was spying on them using a phone app, while 24% confirmed cases of stalking by a partner via technology.