Central California | Federal authorities have seized an Internet domain that sells malware used to illegally monitor and steal data from victims’ computers
LOS ANGELES — As part of an international law enforcement effort, federal authorities in Los Angeles this week seized an Internet domain used to sell computer malware used by cybercriminals to control infected computers and steal vast amounts of information.
A seizure order approved by a United States Magistrate Judge on March 3 and executed on Tuesday brought the seizure. www.worldwiredlabs.com, which offered the NetWire Remote Access Trojan (RAT), a sophisticated program capable of targeting and infecting any major computer operating system. “A RAT is a type of malware that allows for surreptitious surveillance, allowing a ‘backdoor’ for administrative control and unfettered and unauthorized remote access to a victim’s computer without the victim’s knowledge or permission,” according to the lawsuit filed in Los Angeles. in the documents.
As part of this week’s law enforcement crackdown, Croatian authorities on Tuesday arrested a Croatian national who allegedly was the site’s administrator. This accused will be prosecuted by the Croatian authorities. Additionally, on Tuesday, Swiss law enforcement seized the computer server hosting the NetWire RAT infrastructure.
The FBI in Los Angeles launched an investigation in 2020 into Global Labs, the only known online distributor of NetWire. Undercover FBI investigators created an account on the site, paid for a subscription plan and “built a customized instance of the NetWire RAT using the product’s Builder Tool,” according to an affidavit supporting the seizure warrant.
Although the website marketed NetWire as a legitimate business tool to protect computer infrastructure, the affidavit says NetWire is malware used for malicious purposes, the software has been advertised on hacking forums, and numerous cybersecurity companies and government agencies authorities have documented the NetWire incidents. RAT is used in criminal activities.
“Today’s action is a testament to the innovation and flexibility needed to combat cybercriminals who operate without borders,” said United States Attorney Martin Estrada. “Our office will continue to build international alliances to protect our communities from cyber threats. Criminals have exploited NetWire on a global scale, and we have responded by dismantling the infrastructure that has caused untold harm to victims around the world.”
“By removing the Netwire RAT, the FBI impacted the criminal cyber ecosystem,” said Donald Alloway, assistant director of the FBI’s Los Angeles Field Office. “The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers – a global fraud, data breach and network intrusion by threat groups and cybercriminals.”
This matter is the result of strong cooperation between United States law enforcement agencies in Croatia and other global partners. FBI Los Angeles Field Office; Croatian Ministry of Internal Affairs, Criminal Police Department; Zurich Cantonal Police in Switzerland; Europol European Center for Combating Cybercrimes; and the Australian Federal Police conducted an investigation into the matter.
Assistant United States Attorneys Lisa Feldman of the Cyber and Intellectual Property Crimes Division and Maxwell Cole of the Asset Forfeiture and Recovery Division obtained the warrant to seize the Internet domain. The Office of International Affairs of the Criminal Division of the Department of Justice provided significant assistance in the investigation.