Policy —

“Blackshades” peeping Tom malware maker pleads guilty

The trojan is famous for allowing men to spy on women through webcams.

“Blackshades” peeping Tom malware maker pleads guilty

The co-creator of the $40 Blackshades Remote Access Tool (RAT) pleaded guilty Wednesday to a federal charge of distributing malware that federal authorities said infected half a million computers globally.

At his scheduled May sentencing hearing in New York Federal court, Alex Yücel, 24, faces a maximum seven-year prison term (PDF). He is the fourth US defendant connected to the scheme whose victims include Miss Teen USA, who was the target of a high-profile peeping Tom attack that secretly snapped nude images while she was dressing in her bedroom.

According to federal prosecutors, who explained RATing:

Once a computer was infected with the RAT, the user of the RAT had complete control over the computer. The user could, among other things, remotely activate the victim’s Web camera. In this way, the user could spy on anyone within view of the victim’s webcam inside the victim’s home or in any other private spaces where the victim’s computer was used. The RAT also contained a "key logger" feature that allowed users to record each key that victims typed on their computer keyboards. To help users steal a victim’s passwords and other log-in credentials, the RAT also had a “form grabber” feature. The "form grabber" automatically captured log-in information that victims entered into "forms" on their infected computers (e.g., log-in screens or order purchase screens for online accounts).

Yücel sold Blackshades for about $40 online and provided technical support for the malware. Indictments in US District Court in Manhattan also named Brendan Johnston with distributing, marketing, and supporting Blackshades and Kyle Fedorek and Marlen Rappa with purchasing it and collectively using it to infect more than 400 people. They have all pleaded guilty and are awaiting sentencing, as is Michael Hogue, the co-creator of the malware.

Yücel, a Swedish national, was arrested in Moldova in 2013 and was accused (PDF) of hiring several paid employees, including a director of marketing, website developer, customer service manager, and a team of customer service representatives for his malware operation. The malware generated sales of more than $350,000 from 2010 to 2013, the authorities said.

"Through his creation and sale of the Blackshades RAT, Alex Yücel enabled anyone, for just $40, to violate the property and privacy of his victims. With his guilty plea today, Yücel will now have to pay for his conduct," Manhattan US Attorney Preet Bharara said (PDF).

Blackshades was used to perpetrate everything from bank fraud to extortion. It's famous for allowing men to spy on women through the webcams of RAT-infected PCs.

Miss Teen USA said in 2013 she was the victim of malware that for months had been used to secretly spy on her. Prosecutors said a former classmate sent the teen Facebook messages that included malicious links that infected her computer with Blackshades and other RATs. Jared Abrahams, who was 19 years old at the time, was sentenced to 18 months in prison after pleading guilty.

Channel Ars Technica