Luminosity Link: it’s a legitimate tool for Windows admins to “manage a large amount of computers concurrently,” its marketing claimed.
Oh, come on, developer, don’t be shy: Luminosity Link was actually a cheap, easy-to-use, multi-purpose pocket knife with a slew of malware tools you could flip out. In reality, it was a remote-access Trojan (RAT) that could be surreptitiously installed without a user being aware, that disabled anti-virus and anti-malware protection on targets’ computers in order to stay that way, and then went to work switching on webcams to spy on video feeds; accessing and viewing documents, photographs, and other files; stealing passwords; and/or installing a keylogger to automatically record victims’ keystrokes.
Crooks could also use Luminosity Link – also known simply as Luminosity – to mine cryptocurrency on infected systems with stolen electricity and CPUs, as well as to use the infected systems to launch distributed denial-of-service (DDoS) attacks.
All these capabilities are outlined in a plea agreement signed by a 21-year-old man from the US state of Kentucky who on Monday pleaded guilty to being the tool’s developer.
Colton Grubbs pleaded guilty to federal charges of creating, selling and providing technical support for the RAT to his customers, who used it to gain unauthorized access to thousands of computers across 78 countries worldwide. Grubbs also pleaded guilty to trying to hide incriminating goodies.
According to the plea agreement, on 10 July, 2017, after learning the FBI was about to search his Lexington apartment, Grubbs gave his laptop to his roommate and asked him to conceal it in the roommate’s car.
Grubbs also called a PayPal user who was collecting Luminosity payments on his behalf – PayPal had banned him for selling malware – and warned him to “clean your room.”
Grubbs also hid a debit card associated with his bitcoin account in a kitchen cabinet; tucked a phone storing his bitcoin information away in his roommate’s closet; spirited away the hard drives from his desktop computer, removing them from his apartment before the search; and then, three days later, shuffled over 114 bitcoins from his Luminosity Link bitcoin address into six new bitcoin addresses.
In February, Europol announced that the purportedly “legitimate” Luminosity tool had been snuffed out. The shutdown was the result of a UK-led dragnet in September 2017 that involved over a dozen law enforcement agencies in Europe, Australia and North America that went after hackers linked to the tool.
The investigation uncovered a network of crooks who distributed and used Luminosity worldwide and sold it to more than 8,600 buyers via the Luminosity.link website and the public internet forum HackForums.net (tucked under the Hacks, Exploits, and Various Discussions / Hacking Tools and Programs subforum). It sold for as little as $39.99 and was, as Europol described it, pretty much a turn-key malware kit, requiring little technical knowledge to be unleashed on thousands of victims.
As of February, investigators had already turned up stolen personal details, passwords, private photographs, video footage and data, and forensic analysis was still ongoing.
Though Grubbs initially claimed that Luminosity was a legitimate tool for sysadmins, he knew full well that many customers were using his software to remotely access and control computers without their victims’ knowledge or permission, according to the plea agreement… and, really, according to his tool’s marketing, which both claimed that it was a legitimate tool and also emphasized its malicious features.
Grubbs was indicted in June. The charges against him are conspiracy to defraud and obstruction of justice, which each carry penalties of up to five years in prison, a fine up to $250,000, and up to three years of supervised release. He’s also looking at a money-laundering count that could get him up to 20 years in prison, a fine of up to $500,000, and up to three years of supervised release. Maximum sentences are rarely handed out, though.
Sentencing is scheduled for 15 October.
Here are some tips on avoiding having a RAT gnaw on your system:
- Use a product such as Sophos Free Antivirus and Security to keep an eye out for malware, dodgy websites, adware and other potentially unwanted apps.
- Keep all your software updated.
- Install a good firewall.
- Don’t open suspicious email attachments, even if you think a message is coming from somebody you know. Such links can be rigged with malware. Same goes for clicking on URLs, be they in email, text messages or on social media: any such could be infected.
- Create strong passwords.
Here’s how to do that oh-so-important #5: