Blackshades is a remote access trojan (RAT) that gives an attacker complete control over an infected system. The malware has a user-friendly point-and-click interface that requires no specialist skills or knowledge.
Blackshades has the following capabilities:
– Key logging
– Screen capture
– Control over hardware elements such as webcam and speakers
– File encryption
– Replication to the social contacts of the victim
The Poison Ivy RAT, which I wrote about around a year ago, is similar.
As the malware is often used for creepy “Peeping Tom” activity by activating the webcam to take photographs and video of unsuspecting users, it is classified as creepware. Earlier this year a 20-year-old student was charged with using Blackshades to take images of Miss Teen USA and then attempting to blackmail her. Unsurprisingly, rather than cede to the creep's demands, she reported him to authorities and he is now in prison.
Blackshades has been used primarily at the lighter end of the criminal world by entry-level hackers, youngsters dipping their toes into the illegal world of spying on others. The malware was available from the http://www.Bshades.eu site for $40. Before authorities shut the site down, the spyware was purchased by several thousand users in over 100 countries and deployed on more than half a million PCs.
The FBI have drawn up a list of things to look for if you suspect your PC may be infected with Blackshades.
Remote access tools are popular for legitimate purposes such as software support. Applications such as TeamViewer are well known for this purpose. FinFisher is used by governments. It has been reported that Blackshades was used by the Syrian government to target activists. According to Glenn Greenwald, the NSA has infected 50,000 PCs with malware in order to carry out surveillance.
Since the author of Blackshades was arrested in 2012, he has been co-operating with authorities to identify customers of his product. Last week, authorities sprang into action in a drive coordinated by the FBI and Europol to crack down on Blackshades users. Law enforcement made around 100 arrests in 16 countries – the USA, Canada and European countries.
In addition to the Blackshades arrests, this past week has been a particularly active one for cyber crime law enforcement:
– Australian police arrested a man in connection with hacking attacks on corporate and government websites.
– The US Justice Department indicted five members of the Chinese military on charges of hacking and industrial espionage. The move was symbolic only, as it is unlikely that Chinese authorities will hand the men over (there is no extradition treaty between the two countries), and the individuals are unlikely to visit the US of their own accord.
– A group of 9 Nigerians and a South African were arrested in South Africa and face extradition to the US for cyber crimes.
There are now fewer safe havens for criminals. Cyber crime transcends international borders; so too should law enforcement cooperation.