Hive RAT creator and mastermind of $3.5M cryptocurrency hijack arrested in global crackdown

Two people in Australia and the United States have been arrested for allegedly developing and distributing a remote access Trojan called Hive RAT (formerly known as Firebird).

The U.S. Department of Justice (DoJ) said the malware “enabled malware buyers to take control of victim computers and gave them access to victims’ private communications, login credentials, and other personal information.”

Edmond Chakhmakhchyan (aka “Corrupt”), a 24-year-old man from Van Nuys, Los Angeles, California, was arrested for selling Hive RAT licenses to undercover employees of law enforcement agencies.

He was charged with one count of conspiracy and one count of advertising the device as an interception device, each count punishable by five years in prison. Chakhmakhchyan has pleaded not guilty and will stand trial on June 4, 2024.

Court documents allege that there was a partnership between the creators of the malware and the defendants, under which the latter would advertise the malware on cybercrime forums called Hack Forums and accept cryptocurrency payments from customers. , and provide product support.

Hive RAT has the ability to kill programs, browse files, log keystrokes, access incoming and outgoing communications, and steal victim passwords for bank accounts and cryptocurrency wallets and others from the victim’s computer without the victim’s knowledge or consent. The function of the certificate.

“Chakhmakhchyan exchanged electronic messages with buyers and explained to one buyer that the malware ‘allowed Hive RAT users to access other people’s computers without their knowledge,'” the DOJ said.

The Australian Federal Police (AFP) announced charges against a citizen suspected of being involved in the manufacture and sale of Hive RAT, and said an investigation into the matter began in 2020.

The unnamed suspect faces 12 charges, including one count of providing data with intent to commit a computer crime, one count of controlling data with intent to commit a computer crime and 10 counts of providing data with intent to commit a computer crime. crime. The maximum penalty for each offense is three years’ imprisonment.

Sue Evans, AFP’s acting cybercrime commander, said: “Remote access Trojans are one of the most harmful cyber threats in the online environment. Once installed on a device, a RAT can provide criminals with complete access to the device. Access and control.”

“This could include anything from committing crimes anonymously to spying on victims through camera equipment, wiping hard drives or stealing banking credentials and other sensitive information.”

Nebraska man indicted in cryptojacking scheme

The development comes as U.S. federal prosecutors indicted 45-year-old Charles O. Parks III, also known as “CP3O,” for conducting a large-scale illegal cryptojacking operation that defrauded “two well-known cloud computing service providers” of more than $3.5 million in mining value. Nearly $1 million in cryptocurrency computing resources.

The indictment charges the Parkers with wire fraud, money laundering and engaging in illegal currency transactions. He was arrested on April 13, 2024. He also faces 10 years in prison for illegal currency transactions.

While the DOJ did not specify which cloud providers were targeted by the fraud, it noted that the companies were based in Seattle and Redmond, Washington — the corporate headquarters of Amazon and Microsoft.

“From approximately January 2021 to August 2021, Parks created and used various names, corporate affiliations, and email addresses, including emails bearing the domain of the corporate entity he operated […] Registered a large number of accounts with a cloud provider and obtained large amounts of computing processing power and storage space for which he did not pay,” the U.S. Department of Justice said.

The illegally obtained resources are then used to mine cryptocurrencies such as Ethereum (ETH), Litecoin (LTC) and Monero (XMR), which are traded through a network of cryptocurrency exchanges, non-fungible tokens (NFTs) Marketplaces, online payment providers and traditional bank accounts are used to launder money and hide traces of digital transactions.

The ill-gotten gains were eventually converted into U.S. dollars, which Parks used to make a variety of lavish purchases, including Mercedes-Benz luxury cars, jewelry, first-class hotels and travel expenses, prosecutors said.

“Parks deceived providers into approving enhanced privileges and benefits, including increased cloud service levels and deferred billing accommodations, and deflected provider inquiries about questionable data usage and growing unpaid subscription balances,” the DOJ said.