Naked Security Naked Security

IM RAT spy tool seller raided, busted, kicked offline

The spyware gave complete control of victimized computers, sold for as little as$25, and was bought by 14,500 hackers worldwide.

Imminent Methods – a marketplace where hackers could buy spyware for as little as $25 – has been taken down after an international investigation that’s led law enforcement to nine countries as they seek out the people who sell, buy and use its tool.

The UK’s National Crime Agency (NCA) said last week that 14,500 buyers picked up the tool, which is called the Imminent Monitor Remote Access Trojan (IM RAT).

Once a crook covertly slips the tool onto a targeted computer, IM RAT gives them full access, enabling them to turn off anti-virus software, steal data or passwords, record keystrokes, and eavesdrop on their victims via their webcams.

The Australian Federal Police (AFP) led the operation, with the North West Regional Organised Crime Unit (NWROCU) leading the UK investigation and the NCA supporting it. The action started a week ago, on 25 November, with 21 search warrants executed in the UK alone. The UK warrants – all of which were for suspected users of the RAT – led to nine arrests and seizure of what the NCA said was more than 100 pieces of evidence.

In total, worldwide, police executed 85 warrants, arrested 14 people and seized more than 400 items.

On Friday, police took down the Imminent Methods site. Pulling the site down means that the RAT can’t be used by the crooks who bought it, the NCA said.

Phil Larratt, from the NCA’s National Cyber Crime Unit, said that the IM RAT was used by individual crooks and organized crime outfits to break the UK’s Computer Misuse Act in a number of ways: by fraud, theft and voyeurism.

Cyber criminals who bought this tool for as little as US$25 were able to commit serious criminality, remotely invading the privacy of unsuspecting victims and stealing sensitive data.

Detective Inspector Andy Milligan, from the NWROCU, said that this has been “a complex, challenging cyber investigation with international scope” that was supported by Europol and Eurojust, among other cybercrime fighters. There well may be plenty of similar tools for sale elsewhere, but at least this one – what sounds like a cyberstalker/cyberburglar’s dream – is hopefully out of the running for good.


The illicit use of IM RAT is akin to a cyberburglary, with criminals stealing data, including images and movies, secretly turning on webcams, monitoring keystrokes and listening in to people’s conversations via computer microphones.

What to do?

Milligan said that to protect ourselves from RATs, we should all keep our operating systems up to date, use anti-virus software (such as Sophos Home), and refrain from clicking on links or attachments in suspicious emails.

Leave a Reply

Your email address will not be published. Required fields are marked *