The owner of a Swedish organization at the back of a popular far-flung management device (RAT) implicated in thousands of malware attacks stocks the identical name as a Swedish guy who pleaded responsible in 2015 to co-developing the Blackshades RAT, a comparable product that became used to infect more than half of one million computers with malware, KrebsOnSecurity has found out.
At trouble is a program referred to as “WebMonitor,” which was designed to permit users to remotely manipulate a computer (or more than one machine) thru a Web browser. The makers of WebMonitor, a corporation in Sweden known as “RevCode,” say their product is a felony and valid software program “that facilitates companies and personal users handle the security of owned devices. But critics say WebMonitor is far more likely to be deployed on “pwned” gadgets, or those which can be surreptitiously hacked.
The software program is broadly categorized as malware by maximum antivirus corporations, probable way to a marketed function listing that consists of dumping the faraway computer’s temporary reminiscence; retrieving passwords from dozens of email applications; snarfing the goal’s Wi-Fi credentials, and viewing the target’s Webcam.
In a write-up on WebMonitor posted in April 2018, researchers from safety firm Palo Alto Networks stated that the product had often been advertised on underground hacking boards. Its developers promoted several software traits possibly to enchantment to cyber criminals seeking to compromise PCs secretly.
For example, RevCode’s internet site touted the software’s compatibility with all “crypters,” software that could encrypt, obfuscate and manage malware to make it tougher to discover by way of antivirus applications. Palo Alto also cited WebMonitor includes the option to suppress any notification bins which could pop up whilst the RAT is being mounted on a laptop. RevCode continues it is a legitimate business enterprise formally registered in Sweden that obeys all applicable Swedish laws.
A few hours of searching online turned up an interesting document at Ratsit AB, a credit score statistics carrier-based totally in Sweden. That report indicates RevCode is owned by 28-12 months-vintage Swedish resident Alex Yücel. In February 2015, a then 24-year-vintage Alex Yücel pleaded responsible in a U.S. Court to laptop hacking and creating.
Advertising and promoting Blackshades, a RAT used to compromise and spy on loads of lots of computer systems. Arrested in Moldova in 2013 as part of a big-scale, international takedown in opposition to Blackshades and loads of clients, Yücel became the primary individual ever to be extradited from Moldova to the United States.
Yücel was sentenced to 57 months in jail, but in keeping with a record for Yücel on the U.S. Federal Bureau of Prisons, he was released on Nov. 1, 2016. The first commercials in hacker boards for the sale of WebMonitor commenced in mid-2017. RevCode became registered as a respectable Swedish business enterprise in 2018, in step with Rats.
Until recently, RevCode published a price brought tax (VAT) range on its Web website, an identifier used in lots of European nations for price added tax purposes. That VAT number was first noted by using the weblog Krabsonsecurity.Com (which borrows closely from this website’s design and banner; however, otherwise bears no relation to KrebsOnSecurity.Com) — has considering been eliminated from the RevCode Web site and historical records at The Internet Archive. The VAT variety mentioned in that record is registered to Alex Yücel and matches the variety listed for RevCode by Ratsit AB.
Yücel could not be right now reached for comment. But an unnamed person responded to an email despatched to the customer service cop listed at RevCode’s website online. Presented with the records and hyperlinks referenced above, the individual responding wrote, “nobody running for/with RevCode is in any manner associated with BlackShades. Anything else suggesting otherwise is nothing but rumors and tries to degrade our organization via defamation. The character responding from the RevCode assist electronic mail cope contended that the Alex Yücel listed as the agency’s proprietor turned into no longer the identical Alex Yücel convicted of co-authoring Blackshades. However, until the Ratsit document is completely wrong, this seems not going to be real.
According to the Rats listing, Alex Yücel, who heads RevCode, presently lives in a suburb of Stockholm, Sweden, with his dad and mom, Can and Rita Yücel. Can and Rita Yücel co-signed a letter (PDF) in June 2015 testifying to a New York federal court docket concerning their son’s upstanding ethical person previous to Yücel the more youthful sentencing for the Blackshades conviction, according to court docket statistics?
