AFP Allege Aussie Man Created Spyware When He Was a Teen That Left Thousands of Victims Globally

AFP Allege Aussie Man Created Spyware When He Was a Teen That Left Thousands of Victims Globally
The AFP allege the 24-year-old created and distributed a spyware tool from 2013-2019. Image: file photo

A 24-year-old man from Frankston was charged by the AFP for allegedly creating a spyware tool that was believed to have been used by domestic violence perpetrators and other criminals.

Over the weekend, a statement from the Australian Federal Police (AFP) detailed that the man allegedly created the Remote Access Trojan (RAT) back when he was 15.

The man was charged after AFP investigators served a summons on him at his Melbourne home on 6 July, 2022. According to the AFP statement, he’s facing six charges for his alleged role in creating, selling and administering the RAT between 2013 and 2019 when he appears in Brisbane Magistrates Court on August 18.

It will be alleged the man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries.

The AFP said the spyware cost about $35 and was allegedly advertised on a forum dedicated to hacking. It will be alleged the man made between $300,000 and $400,000 from selling the malware, the AFP said.

The AFP believes there were tens of thousands of victims affected by the spyware tool, globally.

“In a world first for any law enforcement agency, the AFP was not only able to identify the alleged Australian offenders who bought the RAT but also identified the Australian victims who were targeted,” the AFP wrote.

According to the AFP, they were able to identify 201 individuals in Australia who bought the RAT.

“A statistically high percentage of Australia-based PayPal purchasers of IM RAT (14.2 per cent) are named as respondents on domestic violence orders,” the AFP added. “Additionally, one of these purchasers is also registered on the Child Sex Offender Register.”

Of the 14 individuals, the AFP said 11 bought the RAT during the active period of their domestic violence order (DVO) or within two years of a DVO being issued.

The AFP said a 42-year-old woman, who lives at the same Frankston home as the man, was served a summons to face one count of dealing with the proceeds of crime.

So how did the spyware work?

The AFP’s explanation details nothing abnormal for spyware. The AFP said once the RAT was installed on a victim’s computer, users could control a victim’s computer; steal their personal information or spy on them by turning on webcams and microphones on devices – all without their knowledge.

It could also log key strokes (which means users could see what was being written in emails and other documents). Unfortunately, this information could include the home address of a victim.

The spyware could be installed a number of ways, but it’s understood phishing was the most common way.

Interestingly, the investigation began when the AFP received information from cybersecurity firm Palo Alto Networks and the FBI about a suspicious RAT in 2017.

The information sparked a global investigation, which included more than a dozen law enforcement agencies in Europe.

“85 search warrants were executed globally, with 434 devices seized and 13 people arrested for using the RAT for alleged criminality,” the AFP said.

The man was charged with one count of producing data with intent to commit a computer offence; two counts of supplying data with intent to commit a computer offence; one count of aiding, abetting, counselling or procuring the commission of an offence, namely the unauthorised modification of data to cause impairment; and two counts of dealing in the proceeds of crime to the value of $100,000 or more. The maximum penalty for these offences is 20 years’ imprisonment.