International Law Enforcement Takes Down Infamous NetWire Cross-Platform RAT

March 10, 2023Rabbi LakshmananCyber ​​Crime/Cyber ​​Threat

A coordinated international law enforcement exercise brought down the online infrastructure associated with a cross-platform Remote Access Trojan (RAT). net wire.

Concurrent with the seizure of the sales website www.worldwiredlabs[.]A Croatian suspected of being the administrator of a website called.com has been arrested. The suspect’s name has not been released, but investigative journalist Brian Krebs identified Mario Zanko as the owner of the domain.

“NetWire is a licensed commercial RAT offered to non-technical users to carry out their own criminal activities on underground forums,” said Europol’s European Cybercrime Center (EC3). . Said on Twitter.

Advertised since at least 2012, this malware is typically distributed via malspam campaigns to give remote attackers complete control over Windows, macOS, or Linux systems. It also has password stealing and keylogging capabilities.

The U.S. Department of Justice (DoJ) announced in 2020 that an investigation into malware operations was launched by the Federal Bureau of Investigation (FBI) after the agency created an account on the site and charged a subscription fee to create a custom NetWire RAT instance. I said I paid. .

Over the past year, NetWire has been used by multiple threat actors, including TA2541 and OPERA1ER, to compromise targets of interest and collect sensitive information. He also emerged as one of the most prevalent RATs in Q4 2022, according to Avast.

“By removing the Netwire RAT, the FBI has made an impact on the criminal cyber ecosystem,” said Donald Alway, assistant director of the FBI’s Los Angeles office, in a statement.

“The global partnership that led to the arrest in Croatia is a popular tool used to hijack computers to perpetuate global fraud, data breaches and network intrusions by threat groups and cybercriminals. I also removed a tool.”