Hacker from Khmelnytsky region attacked more than 10,000 computers, passing off viruses as gaming applications

Ukraine’s cyber police have arrested the developer of a remote access trojan (RAT), which allowed a hacker to infect more than 10,000 computers by posing as gaming programs.

the 25-year-old attacker was exposed by the Cybercrime Department of Khmelnytskyi region. At the time of the search, the hacker had almost 600 infected computers under his control, which he connected to in real time. Interacting with them, he could:

• download files
• steal credentials;
• install or uninstall programs;
• take screenshots;
• intercept sound or video from the computer’s microphone and camera.

After collecting this data, the criminal gained access to his victims' accounts, but it is not yet known whether the hacker attacked only Ukrainian users or whether his victims included foreigners.

The police did not provide any details on how the hacker distributed the malware. However, previous malware distribution campaigns for similar infections have been conducted through YouTube videos promoting game mods and cheats, Google Ads, malicious advertising, social media marketing campaigns, personal messages, and emails.

During a search of the suspect’s home, police found and confiscated equipment used by the malware operator to launch the attacks. «Criminal proceedings have been opened under Part 5 of Art. 361 (Unauthorized interference with the operation of information (automated), electronic communication, information and communication systems, electronic communication networks) of the Criminal Code of Ukraine,» said representatives of the Cyberpolice Department of Ukraine. The maximum penalty facing the hacker is 15 years in prison.

In early March, the Ukrainian cyber police, together with the Prosecutor General’s Office, law enforcement agencies from Germany, the Netherlands, Europol, and the FBI, exposed a hacker who caused € 40 million in losses to European companies. The victims include critical infrastructure and industrial facilities located within the eurozone. The attacker was a 39-year-old Ukrainian who now lives in Germany. The man was involved in large-scale cyberattacks using the DoppelPaymer ransomware. The cybercriminal spread the virus using EMOTET malware.