Access to a Remote Access Trojan (RAT) known as Imminent Monitor RAT (IM-RAT) has been shut down after a recent investigation led by the Australian Federal Police (AFP). The author of IM-RAT began selling access to the tool in April 2013 with all the typical features seen in most commodity RATs. For the lifetime of the trojan, it remained cheap. A mere $25 was enough to “control unlimited machines.” The number of victims is currently unknown, though the AFP estimates this to be “in the tens of thousands.” Investigations like these often rely on support from tips from private companies. In 2017, tips from the FBI and Palo Alto Networks’ Unit 42 helped kickstart the investigation involving more than a dozen law enforcement agencies from Australia and Europe with international coordination efforts by Europol. The takedown of IM-RAT has been extensive with 85 search warrants executed internationally, over 400 devices seized and 13 people arrested. Even now there are ongoing efforts to uncover individuals who have supported the distribution across 124 countries and more than 14,500 buyers.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for