Fraudsters arrested over global malware called Blackshades

20th May 2014

Seventeen suspected users of malware designed to take over, control and steal information from personal computers have been arrested in the first ever UK-wide cyber crime operation.

Coordinated by the National Crime Agency (NCA), a week of arrests, searches and seizures has involved nearly every UK Regional Organised Crime Unit (ROCU), as well as Police Scotland and the Metropolitan Police.

The NCA said those arrested are males from across England and Scotland. The UK investigation forms part of global activity targeting the developers and prolific users of Blackshades, a set of malware tools sold online for under £100.

The most common Blackshades product is a Remote Access Tool (RAT), which enables cyber criminals to remotely take over and control the operations of an infected computer and can be used to:

  • Access the webcam of the victim, turning it on without the user’s knowledge and taking screenshots
  • Access personal files and documents, and download new content
  • Engage in unsolicited chat with the victim
  • Infect USB devices to aid further spreading of malware
  • Instruct the victim’s computer to help commit Distributed Denial of Service (DDoS) attacks
  • Infect other computers via peer-to-peer communications

The Blackshades inventory also includes a Password Recovery Application designed to capture usernames and passwords entered on a victim’s machine. The criminal can then view the stolen data in a similar way to an email inbox.

People are typically infected by clicking on external links on social networking and communication platforms. Instead of viewing a picture or video, the victim unwittingly installs the malware. In many cases, those affected will have no indication they are infected.

Victims across the world

Investigators believe that around 200,000 usernames and passwords of victims across the world may have been extracted by Blackshades users in the UK.

Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said: “Criminals throughout the UK and across the world are finding out that committing crimes remotely offers no protection from arrest. The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together to tackle the perpetrators and help keep people safe.

“Cyber crime is one of the most significant criminal threats to the UK. The NCA is helping to build the capacity of its partners across the country and coordinating the UK’s collective efforts as part of the response. The commitment of our police partners in the cyber arena has been clearly demonstrated by the work culminating in this week’s dramatic activity.”

In addition to arresting people believed to have used Blackshades, the NCA is using a variety of approaches to warn individuals who have downloaded the malware but not deployed it that they are now known to the agency. Any movement into criminality will result in further action, the NCA warned.

For further information visit the NCA website. 

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.
