When they first started selling the LuminosityLink RAT for $40 a pop, the malware’s authors said that their product is a 100% legitimate remote administration tool that’s easy to deploy, even for the less tech-savvy users. Proofpoint’s researchers, the people who first analyzed it, noted that the part about it being 100% legitimate is complete and utter nonsense. For one, it was distributed with the help of spam emails and exploit kits. And after monitoring what it does, the experts said that it’s far too aggressive to be used for any sort of benign activities.
They reckoned that marketing it as a legitimate tool is a “Who, me?” tactic that could protect the malware’s authors in case law enforcement gets on their trail. We’re happy to say that it didn’t work.
Yesterday, law enforcement agencies around the world announced that after a joint operation, they’ve managed to put an end to LuminosityLink. The actual crackdown took place in September, but the agencies kept quiet about it for operational reasons. More than a dozen law enforcement organizations across Europe, North America, and Australia took part, and although details are a bit scarce, the press releases note that LuminosityLink can no longer be bought, deployed, and used against unsuspecting individuals.
Apparently, it all started about a year before the actual arrests in Bristol, Great Britain. During a separate investigation, police officers found a LuminosityLink sample on a suspect’s computer. After almost a year of digging around, they discovered that a small group of UK individuals was responsible for the distribution of the RAT to 8,600 customers in 78 countries. The UK’s National Crime Agency (NCA) reckons that there are “thousands” of victims worldwide, but the actual number is likely much higher. Back in 2016, just a year after LuminosityLink was first spotted, researchers from Palo Alto dissected the RAT and said that their scanners had already detected more than 50 thousand infection attempts. Whatever the current number of victims, plenty of people have a reason to celebrate at the moment.
Remote Access Trojans offer versatility that hackers simply can’t get with any other type of malware. And with its keylogging and file-exfiltrating components, as well as its ability to act as a dropper, LuminosityLink was one of the most powerful RATs out there. Its takedown is good news. Here’s hoping that other tools of this kind will disappear just as suddenly.