Canada's National Division Cybercrime Investigative Team has charged a Toronto man for allegedly operating an international malware scheme that distributed the Orcus RAT malware through an underground forum.
Orcus RAT author John Paul Revesz, 36, initially maintained the Orcus RAT as a legitimate tool for administrators to remotely connect to their network systems.
In 2016, Orcus RAT was being advertised in an underground forum and used in countless malware attacks. Revesz and his team also provided ongoing technical support and help to customers who had purchased Orcus RAT via the underground forum.
“Orcus RAT is capable of stealing browser cookies and passwords, launch server stress tests (DDoS attacks), disable the webcam activity light, record microphone input, spoof file extensions, log keystrokes and more.”
A look at the features and plugins of Orcus RAT also shows various unusual functionalities, such as DDoS-for-hire capabilities, disabling the webcam activity light, and more.
In this case, Revesz was charged by the Royal Canadian Mounted Police (RCMP) under Section 342.1 of the Criminal Code for unauthorized use of a computer and will appear in provincial court in Toronto on December 5.
The investigation into the Orcus RAT activities started in 2016, after the RAT was used to infect thousands of victims' computers in multiple countries around the world.
The RCMP seized several hard drives at his home containing Orcus RAT customer names, along with financial transactions and other sensitive information.
“This investigation was one of the first ones the newly-founded Cybercrime Investigative Team undertook at the time and we are pleased with this outcome. We wish to thank our domestic and international partners, namely the Canadian Radio-Television and Telecommunications Commission, for their valuable contribution in making this a success,” said Andre Beaulieu, Acting Officer in Charge of the RCMP National Division Cybercrime Investigative Team.
In a very recent incident, GBHackers reported a sophisticated campaign that delivers the Orcus RAT embedded in video files and images. The campaign mainly focuses on information stealing and .NET evasion.