{"id":617365,"date":"2023-03-13T09:49:43","date_gmt":"2023-03-13T14:49:43","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/03\/13\/international-authorities-bring-netwires-malware-infrastructure-to-a-standstill\/"},"modified":"2023-03-13T09:49:43","modified_gmt":"2023-03-13T14:49:43","slug":"international-authorities-bring-netwires-malware-infrastructure-to-a-standstill","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/03\/13\/international-authorities-bring-netwires-malware-infrastructure-to-a-standstill\/","title":{"rendered":"International authorities bring NetWire’s malware infrastructure to a standstill"},"content":{"rendered":"

TechSpot is about to celebrate its 25th anniversary. TechSpot means tech analysis and advice you\u00a0can\u00a0trust<\/a>.<\/p>\n

\n

What just happened?<\/strong> The US Attorney’s Office, Central District of California, recently announced the seizure of the WorldWiredLabs web domain and supporting infrastructure. The operation, which was coordinated across several countries and law enforcement organizations, stopped the distribution of the NetWire remote access trojan (RAT). The malware was disguised and marketed as a legitimate administration tool that was used by malicious actors to gain unauthorized access to targeted systems. <\/p>\n

The successful effort to corner the RAT follows several years of investigation, observation, and planning by law enforcement agencies around the world. Federal authorities in Los Angeles exercised a warrant to seize the worldwiredlabs.com<\/a> web domain, which was used to sell and distribute the NetWire malware. In addition to the seizure, authorities arrested a Croation national<\/a> who was identified as the site’s administrator. The now seized website<\/a> indicates a coordinated effort between US, Croatian, Swiss, Australian, and other Europol-affiliated authorities.<\/p>\n

\n
\n

Busted! A coordinated #lawenforcement<\/a> action \u00f0\u00c2\u00c2\u00ad\u00f0\u00c2\u00c2\u00b7\u00f0\u00c2\u00c2\u00a8\u00f0\u00c2\u00c2\u00ad\u00f0\u00c2\u00c2\u00a6\u00f0\u00c2\u00c2\u00ba\u00f0\u00c2\u00c2\u00ba\u00f0\u00c2\u00c2\u00b8 has taken down the #Netwire<\/a> Remote Access Trojan infrastructure.<\/p>\n

\n\u00ef\u00bf\u00bd” Main suspect arrested.#Netwire<\/a> is a Licensed Commodity RAT offered in underground forums to non-technical users to carry out their own criminal activities.<\/p>\n<\/div>\n

\u2014 EC3 (@EC3Europol) March 10, 2023<\/a><\/p><\/blockquote>\n

The FBI’s initial investigation began in 2020 when investigators purchased a copy of the suspected malware and turned it over for further analysis. According to the warrant<\/a>‘s summary of probable cause, FBI investigators were able to successfully access the site, pay for a subscription plan, and download the NetWire RAT package for use. Once acquired, an FBI computer scientist used NetWire’s builder tool to configure an instance to test the malware’s capabilities against a specified test machine. At no point did NetWire attempt to verify that those analyzing the software actually had access to the targeted machine.<\/p>\n

Once configured, the FBI computer scientist confirmed that the software allowed NetWire users to access files, close applications, retrieve authentication information, track keystrokes, execute commands, and take screenshots, all without alerting the targeted user. These capabilities, behaviors, and lack of notification, which are all calling cards of a traditional RAT attack, are all designed to attract malicious actors with the intent to take advantage of other unsuspecting users.<\/p>\n