Pierluigi Paganini April 15, 2024

A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation.

A joint law enforcement operation conducted by the Australian Federal Police (AFP) and the FBI resulted in the arrest and charging of two individuals suspected of creating and selling the Firebird RAT, which was later renamed as Hive.

Australian Federal Police reported that an Australian man and a man based in the US will appear in court, following the international investigation that began in 2020. The Australian man faces twelve counts of computer offenses.

The Australian man developed and sold Firebird to customers on a dedicated hacking forum.

The RAT allowed customers to access and control their victims’ computers remotely, its author advertised its stealing capabilities.

Last week, the FBI arrested Edmond Chakhmakhchyan, 24, of Van Nuys, on charges of marketing and selling the RAT. Chakhmakhchyan, aka “Corruption,” was apprehended by FBI agents and pleaded not guilty to two charges. He is accused of advertising and selling the Hive remote access trojan (RAT) on the “Hack Forums” website. The man was accepting Bitcoin payments for licenses and offering customer service to buyers.

“Customers purchasing the malware “would transmit Hive RAT to protected computers and gain unauthorized control over and access to these computers, which allowed the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission,” according to the indictment.” reported the DoJ. “Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” approximately four years ago, and advertised online the RAT’s many features, including features that allowed the owner to remotely access victim computers and intercept communications and data without the victim knowing.“

According to the indictment, Chakhmakhchyan engaged in electronic communication with buyers after advertising the Hive RAT. He explained to one buyer that the malware allowed access to another person’s computer without their knowledge. When informed that the target had significant cryptocurrency and project files, Chakhmakhchyan agreed to sell the Hive RAT.

“After this purchaser told Chakhmakhchyan that “the point” of using the Hive RAT was because the victim had “20k in bitcoin on a blockchain wallet” and “project files worth over 5k,” Chakhmakhchyan agreed to sell the Hive RAT, the indictment alleges.” continues DoJ.

The DoJ states that the man allegedly sold a license to an undercover law enforcement agent. Chakhmakhchyan faces charges of conspiracy and advertising a device as an interception device, each carrying a maximum penalty of five years in federal prison.

Chakhmakhchyan could face up to ten years in prison, while the maximum penalty for the Australian man is three years imprisonment.

(SecurityAffairs – hacking, malware)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini