Federal Authorities Seize Internet Domain Selling Malware
Used to Illegally Control and Steal Data from Victims’ Computers
March 16, 2023
As part of an international law enforcement effort, federal authorities in Los Angeles this week seized an internet domain that was used to sell computer malware used by cybercriminals to take control of infected computers and steal a wide array of information.
A seizure warrant approved by a United States Magistrate Judge on March 3 and executed on Tuesday led to the seizure of http://www.worldwiredlabs.com, which offered the NetWire remote access trojan (RAT), a sophisticated program capable of targeting and infecting every major computer operating system. “A RAT is a type of malware that allows for covert surveillance, allowing a ‘backdoor’ for administrative control and unfettered and unauthorized remote access to a victim’s computer, without the victim’s knowledge or permission,” according to court documents filed in Los Angeles.
As part of this week’s law enforcement action, authorities in Croatia on Tuesday arrested a Croatian national who allegedly was the administrator of the website. This defendant will be prosecuted by Croatian authorities. Additionally, law enforcement in Switzerland on Tuesday seized the computer server hosting the NetWire RAT infrastructure.
The FBI in Los Angeles in 2020 opened an investigation into worldwiredlabs, the only known online distributor of NetWire. Undercover investigators with the FBI created an account on the website, paid for a subscription plan, and “constructed a customized instance of the NetWire RAT using the product’s Builder Tool,” according to the affidavit in support of the seizure warrant.
While the website marketed NetWire as a legitimate business tool to maintain computer infrastructure, the affidavit states that NetWire is malware used for malicious purposes, that the software was advertised on hacking forums, and that numerous cyber security companies and government agencies have documented instances of the NetWire RAT being used in criminal activity.
“Today’s action is a testament to the innovation and flexibility necessary to fighting cybercriminals who operate without borders,” said United States Attorney Martin Estrada. “Our office will continue to forge international alliances to protect our communities from cyber threats. Criminals used NetWire on a global scale, and we have responded by dismantling the infrastructure that has caused untold harm to victims around the world.”
“By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem,” said Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals.”
This matter is the result of the United States’ strong law enforcement cooperation with Croatia and other global partners. The FBI’s Los Angeles Field Office; the Croatia Ministry of the Interior, Criminal Police Directorate; Zurich Cantonal Police in Switzerland; the Europol European Cybercrime Center; and the Australian Federal Police conducted the investigation in this matter.
Assistant United States Attorneys Lisa Feldman of the Cyber and Intellectual Property Crimes Section and Maxwell Coll of the Asset Forfeiture and Recovery Section obtained the seizure warrant for the internet domain. The Office of International Affairs in the Justice Department’s Criminal Division provided substantial assistance during the investigation.