Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two people have been detained in Australia and the United States in relation to a purported plan to create and disseminate the remote access trojan known as Hive RAT (formerly Firebird).

According to the U.S. Department of Justice (DoJ), the malware “gave the malware purchasers control over victim computers and enabled them to access victims’ private communications, their login credentials, and other personal information.”

Edmond Chakhmakhchyan (also known as “Corruption”), a 24-year-old resident of Van Nuys, Los Angeles, California, was arrested after he was caught selling a Hive RAT licence to an undercover law enforcement agent.

He faces up to five years in prison on each of the two counts against him: conspiracy and advertising a device as an interception device. Chakhmakhchyan entered a not guilty plea and was given a trial date of June 4, 2024.

According to court documents, the defendant and the malware’s creator allegedly had a partnership in which the defendant provided product support, collected bitcoin payments from customers, and posted advertisements for the malware on Hack Forums, a community dedicated to cybercrime.

Hive RAT lets its operators terminate programs, browse files, log keystrokes, read incoming and outgoing communications, and steal passwords and other login credentials for cryptocurrency wallets and bank accounts from victims’ devices, all without the victims’ knowledge or consent.

“Chakhmakhchyan exchanged electronic messages with purchasers and explained to one buyer that the malware ‘allowed the Hive RAT user to access another person’s computer without that person knowing about the access,’” the Department of Justice said.

The Australian Federal Police (AFP) said its investigation began in 2020. The AFP also announced charges against a person for their alleged role in the development and marketing of Hive RAT.

The unidentified suspect faces twelve charges: one count of producing data with intent to commit a computer offence, one count of controlling data with intent to commit a computer offence, and ten counts of supplying data with intent to commit a computer offence. Each offence carries a maximum sentence of three years in prison.

“Remote Access Trojans are one of the most harmful cyber threats in the online environment – once installed onto a device, a RAT can provide criminals with full access to, and control of the device,” said Sue Evans, the AFP Acting Commander for Cybercrime.

“This could include anything from committing crimes anonymously, watching victims through camera devices, wiping hard drives, or stealing banking credentials and other sensitive information.”


A Nebraska Man Is Charged With Cryptojacking

The news coincides with the indictment of 45-year-old Charles O. Parks III (also known as “CP3O”) by federal prosecutors in the United States for running a large-scale illegal cryptojacking operation, defrauding “two well-known providers of cloud computing services” of more than $3.5 million in computing resources in order to mine cryptocurrency worth almost $1 million.

The indictment charges Parks with wire fraud, money laundering, and engaging in unlawful monetary transactions. He was arrested on April 13, 2024. The wire fraud and money laundering counts each carry a maximum penalty of 20 years in prison, and the unlawful monetary transactions count carries a maximum of ten years.
</gre_replace>
<gr_replace lines="33" cat="clarify" orig="The DoJ">
The DoJ did not name the cloud providers targeted by the fraud, but noted that the businesses are based in Redmond, Washington, which is home to Microsoft and Amazon’s corporate headquarters, and in Seattle, Washington, which is the state capital of Washington.

The DoJ mentioned that the businesses are situated in Redmond, Washington, which is home to Microsoft and Amazon’s corporate headquarters, and Seattle, Washington, which is the state capital of Washington. However, it did not specifically name which cloud providers were the focus of the fraudulent operation.

“From in or about January 2021 through August 2021, Parks created and used a variety of names, corporate affiliations and email addresses, including emails with domains from corporate entities he operated […] to register numerous accounts with the cloud providers and to gain access to massive amounts of computing processing power and storage that he did not pay for,” the Department of Justice stated.

The illegally obtained resources were then used to mine cryptocurrencies such as Ether (ETH), Litecoin (LTC), and Monero (XMR). To obscure the digital transaction trail, the proceeds were laundered through a network of cryptocurrency exchanges, a non-fungible token (NFT) marketplace, an online payment provider, and conventional bank accounts.

Prosecutors said that after converting the illicit gains into dollars, Parks spent the money on a Mercedes-Benz luxury vehicle, jewellery, first-class hotels, and travel, among other lavish expenditures.

“Parks tricked the providers into approving heightened privileges and benefits, including elevated levels of cloud computing services and deferred billing accommodations, and deflected inquiries from the providers regarding questionable data usage and mounting unpaid subscription balances,” the Department of Justice stated.
