What just happened? The US Attorney’s Office, Central District of California, recently announced the seizure of WorldWiredLabs web domain and supporting infrastructure. The operation, coordinated across several countries and law enforcement organizations, stopped distribution of the NetWire Remote Access Trojan (RAT). The malware was disguised and marketed as a legitimate management tool that was used by malicious actors to gain unauthorized access to target systems.
Successful efforts to contain RAT come after several years of investigation, monitoring, and planning by law enforcement agencies around the world. Los Angeles federal authorities exercised a forfeiture order worldwiredlabs.com on the Web, which has been used to sell and distribute NetWire malware. In addition to the detention, the authorities arrested A Croatian national who is specified as the site administrator. exact now website Refers to a coordinated effort between the US, Croatian, Swiss, Australian and other Europol authorities.
It’s set! coordinator #law enforcement Action · ð¨ðÂÂð¦ðºðºð¸ down #netware Remote Access Infrastructure Trojan.
� “Prime suspect arrested.#netware It is a licensed commodity remote control tool that is offered in underground forums for non-technical users to carry out their criminal activities.
– EC3 (@EC3Europol) March 10, 2023
The FBI’s initial investigation began in 2020 when investigators purchased a copy of the suspected malware and turned it over for further analysis. According to the noteSummary of possible cause FBI investigators were able to successfully access the site, pay for the subscription plan, and download the NetWire RAT package for use. Once obtained, the FBI computer scientist used the NetWire builder to create an instance to test the malware’s capabilities against a specific test machine. At no time does NetWire attempt to verify that those analyzing the software have access to the target machine.
Once configured, the FBI computer scientist confirmed that the software allowed NetWire users to access files, close applications, retrieve authentication information, track keystrokes, execute commands, and take screenshots, all without alerting the target user. These capabilities, behaviors, and lack of notification, which are all calling cards of a traditional RAT attack, are all designed to attract malicious actors with the intent of taking advantage of other unsuspecting users.
There are a number of ways organizations and users can help prevent themselves from falling victim to RATs and other social engineering attacks. previous article from Information Security It explains in detail how NetWire works and offers tips for users and organizations to defend themselves against these types of attacks. These include:
- Train users to be aware of potential phishing schemes and how to deal with them
- Identify emails from unfamiliar senders or sources and suspicious attachments
- Check sources by alternative means before opening or downloading content
- Use anti-malware, antivirus, or other endpoint protection software
- Keep all programs and operating system files updated
Donald Oloy, Associate Director in Charge of the FBI’s Los Angeles Field Office, highlighted the importance of NetWire malware removal. “By removing the NetWire RAT, the FBI has impacted the cybercriminal system.” Alway’s statements also highlighted the fact that “…the global partnership leading to the arrest in Croatia also removed a common tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cybercriminals.”
