Australian man charged with creating and selling the Imminent Monitor spyware

An Australian national has been charged with creating and selling the Imminent Monitor (IM) spyware, which was also used for criminal purposes.

The 24-year-old Australian national Jacob Wayne John Keen has been charged over his alleged role in the development and sale of spyware known as Imminent Monitor (IM).

The Australian Federal Police (AFP) launched an investigation into the case, codenamed Cepheus, in 2017 after it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. FBI.

The man created the malicious code, a remote access trojan (RAT), when he was 15 years old, and maintained its infrastructure from 2013 to 2019. In November 2019, Europol announced that it had dismantled the global organized cybercrime ring behind the Imminent Monitor RAT.

The Imminent Monitor RAT is a hacking tool that allows threat actors to remotely control victims’ computers. The malware can be delivered in multiple ways, including emails and text messages, and could be used to carry out various malicious actions such as:

  • recording keystrokes,
  • stealing data and passwords from browsers,
  • spying on victims via their webcams,
  • downloading and executing files,
  • disabling anti-virus and anti-malware software,
  • terminating running processes,
  • and performing dozens of other actions.

The international operation conducted by law enforcement agencies targeted both the sellers and users of the Imminent Monitor Remote Access Trojan (IM-RAT).

According to the authorities, the popular hacking tool was used across 124 countries, where it was bought by more than 14,500 hackers, who will no longer be able to use it after the operation.

The police seized the infrastructure used by the organization behind the Imminent Monitor RAT, along with over 430 devices used by the gang and its customers.

Imminent Monitor RAT was very popular because it was easy to use and very cheap: it was offered for as little as $25 with lifetime access. According to the Australian police, the RAT cost about AUD$35 (US$25) and was allegedly advertised on a cybercrime forum. The authorities believe the man earned between $300,000 and $400,000 from selling the malware.

Law enforcement speculates that hackers used the hacking tool to steal personal details, passwords, private photographs, video footage, and data from tens of thousands of victims.

“An Australian man, 24, who sparked a global law enforcement operation for allegedly creating and selling spyware purchased by domestic violence perpetrators and other criminals, has been charged by the AFP,” reads a press release published by the Australian Federal Police (AFP). “It will be alleged the Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries.”

The investigation conducted by the AFP identified 201 individuals in Australia who bought the RAT. According to the Australian authorities, 14.2% of Australia-based PayPal purchasers of IM RAT are associated with people named as respondents on domestic violence orders. Additionally, one of these purchasers is also registered on the Child Sex Offender Register.

The defendant has been charged with six counts of committing a computer offense by developing, selling and administering the RAT.

The man was charged with:

  • One count of producing data with intent to commit a computer offence, contrary to section 478.4(1) of the Criminal Code Act 1995 (Cth);
  • Two counts of supplying data with intent to commit a computer offence, contrary to section 478.4(1) of the Criminal Code Act 1995 (Cth);
  • One count of aiding, abetting, counselling or procuring the commission of an offence, namely the unauthorised modification of data to cause impairment, contrary to sub-sections 11.2(1) and 477.2(1) of the Criminal Code Act 1995 (Cth); and
  • Two counts of dealing in the proceeds of crime to the value of $100,000 or more, contrary to section 400.4(1) of the Criminal Code Act 1995 (Cth).

The authorities also accused the man’s mother, who was served a summons to face one count of dealing with the proceeds of crime.

As part of Operation Cepheus, eighty-five search warrants were executed globally, with 434 devices seized and 13 people arrested for using the Imminent Monitor (IM) spyware for alleged criminal activities.

“These types of malware are so nefarious because it can provide an offender virtual access to a victim’s bedroom or home without their knowledge,” Commander Goldsmid said.

“Unfortunately there are criminals who not only use these tools to steal personal information for financial gain but also for very intrusive and despicable crimes. One of the jobs for the AFP is to educate the public about identifying and protecting themselves from spear-phishing attacks or socially-engineered messaging – essentially emails or text messages that trick individuals into uploading malware.”

Let me close with some recommendations included in the press release:

Be aware of the infection signs:

  • Your internet connection is unusually slow;
  • Unknown processes are running in your system (visible in the Process tab in Task Manager);
  • Your files are modified or deleted without your permission;
  • Unknown programs are installed on your device (visible in the Add or Remove Programs tab in the Control Panel).

Protect yourself:

  • Ensure that your security software and operating system are up to date;
  • Ensure that your device’s firewall is active;
  • Only download apps and software from sources you can trust;
  • Cover your webcam when not in use;
  • Regularly back up your data;
  • Be wary while browsing the internet and do not click on suspicious links, pop ups or dialogue boxes;
  • Keep your web browser up to date and configured to alert you when a new window is opened or anything is downloaded;
  • Do not click on links and attachments within unexpected or suspicious emails.

Pierluigi Paganini

(SecurityAffairs – hacking, Imminent Monitor)
