In a coordinated international law enforcement effort, the online infrastructure associated with the cross-platform remote access trojan (RAT) known as NetWire has been taken down. The seizure of the sales website www.worldwiredlabs[.]com coincided with the arrest of a Croatian national who is suspected to be the website's administrator.
While the suspect's name was not released, investigative journalist Brian Krebs identified Mario Zanko as the owner of the domain.
"NetWire is a licensed commodity RAT offered in underground forums to non-technical users to carry out their own criminal activities," Europol's European Cybercrime Center (EC3) said in a tweet. Advertised since at least 2012, the malware is typically distributed via malspam campaigns and gives a remote attacker complete control over a Windows, macOS, or Linux system. It also comes with password-stealing and keylogging capabilities.
The U.S. Department of Justice (DoJ) said an investigation into the malware operation was launched by the Federal Bureau of Investigation (FBI) in 2020, with the agency creating an account on the site and paying for a subscription to create a custom NetWire RAT instance.
This is a major victory in the fight against cybercrime, but it's important to remember that there are always new threats emerging. That's why it's so important to stay vigilant and educate yourself and your employees about the risks of third-party app access to your company's SaaS apps.