BlackShades "cheap" malware allowed criminals to hijack half a million computers

Data CBR Staff Writer

11:16, May 20 2014


Crackdown in Europe, US results in 97 arrests

Law enforcement agencies across Europe and the US have arrested 97 cyber criminals for using BlackShades malware for various illegal practices ranging from stealing personal data to blackmailing the victims.

BlackShades allows criminals to steal passwords and banking credentials; hack into social media accounts; access documents, photos, and other computer files; record all keystrokes; activate webcams; hold a computer for ransom; and use the computer in distributed denial of service (DDoS) attacks.

The BlackShades website has been selling malware, especially the Remote Access Tool or RAT, for as little as $40. Its low cost and customizable features made the malware easily available and handy for criminals.

The website is suspected to have been in business since at least 2010, and generated sales of more than $350,000 up to April 2014. The domain of the BlackShades website has since been seized.

The US Federal Bureau of Investigation (FBI) said in a statement, "This software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than half a million computers worldwide."

Monday's crackdown was undertaken by about 16 countries, in coordination with the FBI, the EU's judicial cooperation agency Eurojust, and the European Cybercrime Centre (EC3) at Europol.

Nearly 360 house searches were carried out worldwide, and over 1,100 data storage devices, including computers, laptops, mobiles and USB memory sticks, were seized.

Cash, illegal firearms and drugs were also recovered in the searches, said Eurojust.

The BlackShades malware is believed to have been developed by Swedish national Alex Yucel and US citizen Michael Hogue. Hogue was arrested in 2012 on charges of cyber crime and pleaded guilty in 2013 on two counts of computer hacking.

The FBI unsealed an indictment against Yucel, who was arrested in November last year in Moldova and is awaiting extradition to the US.

According to the FBI, Yucel ran his organization like a business -- hiring and firing employees, paying salaries, and updating the malicious software in response to customers' requests.

The existence of the BlackShades malware came to light as part of the FBI's Operation Cardshop, an investigation into worldwide "carding" crimes. The names of Yucel and Hogue figured in this investigation.

Investigators have so far conducted 100 interviews, executed more than 100 e-mail and physical search warrants, and seized more than 1,900 domains used by BlackShades users to control victims' computers.

An 18-year-old man was arrested recently in the Netherlands for infecting at least 2,000 computers with BlackShades malware, and controlling the victims' webcams to take pictures of women.

Photo courtesy of Victor Habbick/
