International police agencies, including the FBI, have carried out an operation to arrest the suspected administrator of the NetWire remote access trojan and to seize the domain and hosting server of its website.
NetWire was marketed as a legitimate remote administration tool, available for as little as $10 a month, but had been used for malicious activities since at least 2014.
The trojan allowed attackers to remotely take screenshots, download and upload files, execute commands and download further programs on infected Windows computers. Police from various countries including the USA, Switzerland, and Croatia were involved in the operation.
The FBI and police agencies have disrupted the NetWire service in a coordinated international law enforcement operation, seizing the website’s domain and server.
A Croatian national suspected of being the administrator was also arrested in Croatia and will be prosecuted by local authorities. The service had been a tool of choice for a variety of malicious activities, including phishing attacks, business email compromise campaigns, and corporate network breaches.
The website now displays a seizure message, stating, “This Website Has Been Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan.”
The NetWire remote access trojan had been promoted as a legitimate remote administration tool, but since 2014, it had been used for various malicious activities.
Threat actors used it to remotely control infected Windows computers, including taking screenshots and uploading and downloading files.
The FBI’s Assistant Director in Charge of the Los Angeles Field Office, Donald Alway, said that the operation had impacted the criminal cyber ecosystem. The global partnership that led to the seizure of the infrastructure had removed a popular tool used by cybercriminals to hijack computers and perpetuate global fraud, data breaches, and network intrusions.