This week, US authorities announced the seizure of a domain distributing the NetWire remote access trojan (RAT) and the arrest of a Croatian national suspected of operating the website. NetWire is a decade-old malware family that has been used by cybercriminals and state-sponsored threat actors to steal information, execute commands, and remotely control infected devices.
NetWire has been sold on underground forums, with prices ranging between $80 and $140. The website selling the malware, worldwiredlabs.com, was disguised as a legitimate business tool, making it difficult for authorities to detect. The domain was seized on March 7, with the Croatian police arresting the website’s administrator the same day. Additionally, servers hosting the NetWire RAT infrastructure were seized in Switzerland.
The arrested individual has not been named by the authorities, but investigative journalist Brian Krebs has identified multiple email addresses and domains associated with the individual, as well as three Skype account names. One of them is Netwire, while the other is Dugidox, which has been associated with NetWire sales and support discussion threads on cybercrime forums.
Overall, the seizure of the domain and arrest of the Croatian national suspected of operating it is a major step forward in the fight against cybercrime. NetWire is a potent threat that can be used to target organizations and individuals alike. By taking down the website distributing the malware, authorities have disrupted its availability and cut off its distribution channel.
Key points:
• This week, US authorities seized a domain distributing the NetWire RAT and arrested a Croatian national suspected of operating it
• NetWire is a decade-old malware family used by cybercriminals and state-sponsored threat actors
• The website selling the malware was disguised as a legitimate business tool
• The domain was seized on March 7, with the Croatian police arresting the website’s administrator the same day
• Brian Krebs has identified multiple email addresses and domains associated with the individual, as well as three Skype account names