Malware Creator Jailed For Infecting More Than Half a Million Computers

Alex Yucel jailed for almost five years after stealing computer users’ personal data in 100-plus countries

The jailing of a notorious malware creator has “sent a warning shot across the bows of cybercriminals”, according to IT security analysts.

Swedish citizen Alex Yucel, 25, was on Tuesday sentenced to 57 months in prison after being found guilty of selling sophisticated malware that corrupted more than half a million computers in more than 100 countries.

Dirty RAT

The malware, named Blackshades Remote Access Tool, or RAT, was sold via Yucel’s company, Blackshades.

An investigation into Blackshades stemmed from a separate FBI sting in which authorities created a fake website to catch criminals looking to buy and sell credit card numbers.

Yucel was sentenced in Manhattan federal court by US District Judge P. Kevin Castel, having pleaded guilty to computer hacking on February 18, 2015.

Manhattan US Attorney Preet Bharara said: “Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing – gain control of a computer, and with it, a victim’s identity and other important information. This malware victimized thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.”

Beginning in 2010, the Blackshades organisation sold and distributed malware to thousands of cybercriminals throughout the world. After installing the RAT on a victim’s computer, a user of the RAT had free rein to, among other things, access and view documents, photographs, and other files on the victim’s computer, record all of the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim – all of which could be done without the victim’s knowledge. A Blackshades user could also exploit victims’ computers for Distributed Denial of Service (“DDoS”) attacks by commanding Blackshades-infected computers to repeatedly send requests to targeted websites in an effort to disable those websites and deny service from those websites to legitimate visitors.

The RAT was typically advertised on forums for computer hackers and marketed as a product that conveniently combined the features of several different types of hacking tools. Copies of the Blackshades RAT were available for sale, typically for $40 each, on a website maintained by Blackshades. After purchasing a copy of the RAT, a user had to install the RAT on a victim’s computer – i.e., “infect” a victim’s computer. The infection of a victim’s computer could be accomplished in several ways, including by tricking victims into clicking on malicious links or by hiring others to install the RAT on victims’ computers.

The RAT contained tools known as “spreaders” that helped users of the RAT maximize the number of infections. The spreader tools generally worked by using computers that had already been infected to help spread the RAT further to other computers. For instance, to lure additional victims to click on malicious links that would install the RAT on their computers, the RAT allowed cybercriminals to send those malicious links to others via the initial victim’s social media service, making it appear as if the message had come from the initial victim. For example, a RAT user could send an instant message, or IM, to potential victims that appeared to come from the initial victim, inviting them to click on a link that appeared to lead to a legitimate website, but would instead install the RAT on the potential victim’s computer.

Yucel co-created the Blackshades RAT with Michael Hogue and operated Blackshades with the help of several employees whom Yucel paid to advertise the RAT on various Internet forums and to provide customer support. Blackshades generated sales of more than $350,000 between September 2010 and April 2014.

Chris Boyd, malware intelligence analyst at Malwarebytes, commented: “This is another warning shot across the bows of cybercriminals by the FBI. It is a statement that the organisation is trying to break down international barriers and bring to justice those who think the Internet provides anonymity and co-operation issues for law enforcement. The fact that this is the first time Moldova have extradited anyone to the USA is a marker of this.

“Blackshades was a nasty piece of malware, allowing the shadowy controller to take complete control of the infected computer. This meant victims could unwittingly be spied on through their webcams – leading to a vast amount of privacy violation. It would also allow any information stored on the computer including pictures, videos and personal details to be harvested and sold online.”

Hogue pleaded guilty in January 2013 and is still awaiting sentencing.
