An international law enforcement operation involving the FBI and police agencies worldwide has seized an internet domain, worldwiredlabs.com, that was selling malicious software criminals used to steal data from and take control of victims’ computers.
The service was sold via the website where users could sign up for subscriptions for as little as $10 a month, which included support.
Threat actors could use the Netwire RAT to remotely take screenshots, download and upload files, execute commands, or download further programs to execute on infected Windows computers.
The malware, first discovered in 2012, is often hidden in malicious files. The RAT is a favorite of cybercrime gangs and state-backed groups and is frequently delivered by phishing attacks. After infecting a victim’s smartphone or laptop, the RAT’s capabilities include stealing passwords, keylogging, and remotely controlling the device.
As part of this operation, the FBI seized the worldwiredlabs.com domain used to promote the service, and police in Switzerland seized the server hosting the website.
The website now displays a seizure message, stating, “This Website Has Been Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan.”
A Croatian national suspected to be the administrator of the NetWire website was also arrested on Tuesday in Croatia and will be prosecuted by local authorities.
