US Shuts Down 'Netwire' Malware That Posed as Legit Remote Admin Tool
A website that was selling a remote administration tool for computers has been shut down after the same software was being sold to cybercriminals as a hacking tool.
On Thursday, US federal authorities announced(Opens in a new window) they had seized worldwiredlabs.com for selling malware capable of taking over computers. Law enforcement in Croatia also arrested a local resident for operating the site.
Worldwiredlabs.com has been around since at least 2012(Opens in a new window), offering a software product called “Netwire,” which is supposedly designed to help IT support staff manage computers remotely. Before the site was seized, it was offering Netwire for $10 per month or $60 per year. However, US investigators say the site was a front to sell the software as a hacking tool to cybercriminals.
Netwire was capable of targeting every major operating system, including Windows, macOS, and Android. A cybercriminal could buy access to deliver it as malware to a victim’s machine. Once it infects, Netwire then secretly hijacked and conducted surveillance on the computer, including logging keystrokes and grabbing screenshots. Over the years, the Netwire malware has proliferated through phishing emails loaded(Opens in a new window) with a malicious PDF or Word document.
The FBI began investigating worldwidelabs.com in 2020; at the time, it was the only known online distributor of NetWire, the DOJ says. “Undercover investigators with the FBI created an account on the website, paid for a subscription plan, and ‘constructed a customized instance of the NetWire RAT (remote access Trojan) using the product’s Builder Tool,’ according to the affidavit(Opens in a new window) in support of the seizure warrant,” federal authorities
Read more on pcmag.com
