What you need to know about BlackShades malware.


A few weeks ago, I blogged about the combination of White Collar Crime and Cybercrime. Just this week there was yet another example of how the two make for a devastating duo when used together to carry out financial crimes. This is the way of the future.

Protect your data, protect yourself.

BlackShades is malicious software that acts as a Remote Access Tool (RAT), which allows an attacker to gain full control of a user’s computer when installed.  It affected Microsoft Windows-based computers.

Also known as “creepware”, this computer malware can be purchased starting at $40. The FBI said that the RAT has been sold since at least 2010 to several thousand users.

The set of capabilities that the RAT extends to hackers is astounding. Among them are key-logging and form-grabbing features that deliver passwords and other login credentials to hackers, a file hijacker feature that enables hackers to encrypt files and charge victims a ransom to reopen them, and “spreader” tools that use infected computers to post malicious links to a victim’s social media accounts and spread infection via USB devices.

Thousands of cyber-criminals gained such access to at least half a million machines in more than 100 countries by tricking users into clicking on a single malicious link that installs an insidious form of malware onto computers.

Based on the international crackdown by the FBI and local police in 19 countries, there have been 90 arrests, thus far.  This operation has been two years in the making.

Criminals have used the RAT for many nefarious activities worldwide. In France, it was used for financial attacks; in Libya and Syria, it was used against political activists. Even Miss Teen USA was a victim: the webcam in her bedroom was remotely turned on, and she was blackmailed over some nude shots that were taken from that open webcam in the past year.

The RAT was created by Swedish national Alex Yücel and American Michael Hogue of Maricopa, Arizona.

Mr. Yücel faces up to 45 years in prison for his alleged roles as owner and operator of the BlackShades organization and co-creator of the RAT. 

Co-creator Mr. Hogue of Maricopa, Ariz., was arrested in June 2012 and pleaded guilty to two counts of computer hacking in January 2013. He faces a maximum sentence of 20 years and is currently awaiting sentencing.

How can you tell if you’ve been infected with BlackShades RAT malware?

Because of its sophisticated design, BlackShades may not be detected by anti-malware or anti-virus programs that are installed on your computer.

There are a few subtle signs that may indicate your computer has been infected, along with steps to take if you suspect it has.

  • The webcam light turns on when the camera isn’t in use.
  • Computer files have become inaccessible to you because they are encrypted.
  • You may receive a ransom note (an example is pictured above) demanding money in exchange for unlocking your files.
  • Usernames and passwords for online accounts have been compromised and changed.
  • Check for specific file types on your computer related to BlackShades. The FBI has a complete list here.
  • Bring your computer to a trusted IT professional to remove the malware.
  • If your information has been damaged or deleted, an experienced computer forensics technician may be able to restore it.

How can you protect yourself?

  • Be wary of links that are emailed to you (even from family and friends).  If it is a blank email with just a link, chances are it is malware.  Report the email to your email server and delete it immediately and permanently.

 

 
