The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development and sale of spyware known as Imminent Monitor (IM).
The Australian Federal Police (AFP) launched an investigation into the case, codenamed Cepheus, in 2017 after it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. FBI.
The man created the malicious code, a remote access trojan (RAT), when he was 15 years old, and maintained its infrastructure from 2013 to 2019. In November 2019, Europol announced to have dismantled the global organized cybercrime ring behind the Imminent Monitor RAT.
The Imminent Monitor RAT is a hacking tool that allows threat actors to remotely control the victim’s computers. The malware can be delivered in multiple ways, including emails and text messages, and could be used to carry out various malicious actions such as:
The international operation conducted by law enforcement agencies targeted both the sellers and users of the Imminent Monitor Remote Access Trojan (IM-RAT).
According to the authorities, the popular hacking tool was used across 124 countries where it was bought by more than 14 500 hackers, that now after the operation will no longer be able to use it.
The police seized the infrastructure used by the organization behind the Imminent Monitor RAT and seized over 430 devices used by the gang and its customers.
Imminent Monitor RAT was very popular because it is easy to use, and it is very cheap, it was offered for as little as $25 with lifetime access. According to the Australian police, the RAT cost about AUD$35 (US$25) and was allegedly advertised on a cybercrime forum. The authorities believe the man earned between $300,000 and $400,000 from selling the malware.
Law enforcement speculates hackers using the hacking tool to steal personal details, passwords, private photographs, video footage, and data from tens of thousands of victims.
“An Australian man, 24, who sparked a global law enforcement operation for allegedly creating and selling spyware purchased by domestic violence perpetrators and other criminals, has been charged by the AFP.” reads a press release published by the Australian Federal Police (AFP). “It will be alleged the Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries.”
The investigation conducted by the AFP identified 201 individuals in Australia who bought the RAT. According to the Australian authorities, 14.2% of Australia-based PayPal purchasers of IM RAT are associated with people named as respondents on domestic violence orders. Additionally, one of these purchasers is also registered on the Child Sex Offender Register.
The defendant has been charged with six counts of committing a computer offense by developing, selling and administrating the RAT.
The man was charged with:
The authorities also accused the mother of the man who was served a summons to face one count of dealing with the proceeds of crime.
As part of Operation Cepheus, eighty-five search warrants were executed globally, with 434 devices seized and 13 people arrested for using the Imminent Monitor (IM) spyware for alleged criminal activities.
“These types of malware are so nefarious because it can provide an offender virtual access to a victim’s bedroom or home without their knowledge,’’ Commander Goldsmid said.
“Unfortunately there are criminals who not only use these tools to steal personal information for financial gain but also for very intrusive and despicable crimes. One of the jobs for the AFP is to educate the public about identifying and protecting themselves from spear-phishing attacks or socially-engineered messaging – essentially emails or texts messages that trick individuals into uploading malware.”
Let me close with some recommendations included in the press release:
Be aware of the infection signs: