In February this year, we informed our readers about the unceremonious shutdown of the infamous hacking tool Luminosity RAT at the hands of law enforcement authorities from Australia, Europe, and North America. Users no longer needed to feel threatened by the dangerous RAT, which was also known as LuminosityLink, after a joint operation conducted by more than a dozen agencies including Europol.
Luminosity RAT was first identified in April 2015, when it was up for sale for $40 and was marketed as an authentic tool designed for Windows admins to help them manage a large number of computers simultaneously. However, it turned out to be a dangerous remote access Trojan, which could easily disable anti-malware and anti-virus programs installed on a computer and evade detection.
In September 2017, the European Cybercrime Centre and the National Crime Agency started locating the sellers and users of Luminosity malware, and a considerable number of web-based accounts and sellers across the globe were subsequently identified and seized.
The malware author Colton Grubbs, known as KFC Watermelon, was also arrested for developing and selling the RAT and offering technical support to those who bought it from him. He sold the malware on his website luminosity.link, and managed to sell it to over 6,000 individuals across 78 countries.
The latest on Luminosity RAT is that on Monday, Grubbs pleaded guilty in a federal court. Grubbs, a 21-year-old Kentucky resident, would have faced 25 years in jail had the case gone to trial. He has admitted to creating, selling and helping his customers use the malware, which was used to obtain unauthorized access to a huge number of computers located worldwide.
Luminosity RAT could perform a wide range of nefarious actions, as identified by Proofpoint researchers, such as the following:
- Turning the webcam on to spy upon the victim
- Accessing and stealing files, pictures, and sensitive data
- Obtaining passwords
- Installing an aggressive keylogger in all processes on the victim’s computer to record every single keystroke entered
The malware was mainly sold on HackForums, which was already infamous for its involvement in cybercrime indictments: the Mirai botnet was featured on this forum in 2016, and the notorious Blackshades RAT was also sold on this platform prior to the arrest of its authors.
The link between Luminosity RAT and Blackshades cannot be denied because both were sold on the same forum as benign programs and were basically hacking tools that eventually got their creators detained.
Luminosity malware was advertised widely as a potent hacking tool that could be installed without sending out a notification to the user and comprised aggressive keyloggers and various spying tools. The malware was also capable of cryptomining and could turn victims’ computers into botnets.
Grubbs admitted that he already knew that the buyers of Luminosity malware would be using it for illegal purposes, including invading computers of unsuspecting, innocent users. The full plea agreement can be read here [PDF].