Co-creator of Blackshades malware used to spy on Miss Teen USA pleads guilty

Blackshades malware co-creator pleads guilty, facing 10 years in jail

Trojan image courtesy of ShutterstockOne of the co-creators of the Blackshades Remote Access Trojan (RAT) that infected more than 500,000 computers has pleaded guilty to charges of hacking.

Alex Yücel, 24, faces up to 10 years in prison for his involvement with the $40 program designed to secretly remotely control victims’ computers.

The US government says it intends to seize any equipment associated with his nefarious deeds, along with the blackshades.ru and bshades.eu domain names.

The Swedish citizen entered his plea in a Manhattan federal court on Wednesday in response to charges of conspiracy, distribution of malicious software, access device fraud and aggravated identity theft.

His guilty plea was made as part of a deal prior to the commencement of his trial on 22 March this year. After a previous plea deal fell through without explanation, Yücel offered to waive the right to appeal his sentence on condition that it does not exceed 7 years and 3 months in total.

Yücel, who ran the Blackshades organisation under aliases including “Victor Soltan” and “marjinz” was extradited to the US in November 2013 after originally being detained in Moldova.

According to prosecutors, Yücel employed a marketing director and several customer service representatives to help bolster his business and, by April 2014, the team had generated over $350,000 in sales of the RAT.

Manhattan US Attorney Preet Bharara said:

Through his creation and sale of the Blackshades RAT, Alex Yücel enabled anyone, for just $40, to violate the property and privacy of his victims. With his guilty plea today, Yücel will now have to pay for his conduct. This Office will continue to work with our law enforcement partners at the Federal Bureau of Investigation and around the world to find and prosecute those who create, market, and employ malicious software.

According to documents filed in the Manhattan federal court, the Blackshades RAT – which was used to secretly take nude photos of Miss Teen USA – could give an attacker complete control over an infected system:

Once a computer was infected with the RAT, the user of the RAT had complete control over the computer. The user could, among other things, remotely activate the victim's web camera. In this way, the user could spy on anyone within view of the victim’s webcam inside the victim's home or in any other private spaces where the victim’s computer was used.

The RAT also contained a "keylogger" feature that allowed users to record each key that victims typed on their computer keyboards. To help users steal a victim's passwords and other log-in credentials, the RAT also had a "form grabber" feature. The "form grabber" automatically captured log-in information that victims entered into "forms" on their infected computers (e.g., log-in screens or order purchase screens for online accounts).

Law enforcement have been keen to crack down on those using, and responsible for, Blackshades.

Over 100 people were arrested in May 2014 in raids associated with Blackshades.

In January 2013, Yücel’s fellow Blackshades creator Michael Hogue pleaded guilty and is still awaiting sentencing.

Blackshades administrator Brendan Johnston appeared in court in November 2014 on charges of conspiracy to commit computer hijacking. His guilty plea could lead to a prison sentence of up to 10 years when he is sentenced on 27 May.

Marlon Rappa, a customer who used the RAT to infect computers, steal personal files and spy on victims via their webcams, pleaded guilty on 31 October 2014. He is due to be sentenced on 13 March.

Most recently, Blackshades customer Kyle Fedorek was yesterday ordered to pay $45,000 in restitution and sentenced to two years in prison, followed by 3 years of supervision, after using the RAT to hack into 90 computers.

Image of Trojan courtesy of Shutterstock.