Developer Of Hive RAT Arrested By Authorities

A San Fernando Valley man has been taken into custody by federal authorities on criminal charges related to a purported scheme to sell and distribute Hive remote access trojan (RAT).  

This gave buyers control over the victims’ computers and allowed them to view the victims’ login credentials, private messages, and other personal data.

The 24-year-old Van Nuys resident Edmond Chakhmakhchyan, also known by his screen name “Corruption,” was taken into custody on Wednesday. The Australian Federal Police (AFP) and the FBI collaborated on this cooperative law enforcement operation.

About four years ago, Chakhmakhchyan allegedly started working with the person who created the Hive RAT, also known as “Firebird.” 

The author advertised the RAT’s many features, specifically its ability to remotely access victim computers and intercept data and communications without the victim’s knowledge.

The FireBird RAT is highly functional malware with various capabilities. Cybercriminals may be able to get user-level access over a targeted machine. 

This malicious malware can manage the Windows Registry, which holds data, settings, and other items related to installed hardware and software. As a result, it may issue commands to manage connected hardware and install and remove apps.

According to the indictment, Chakhmakhchyan and the creator of the malware allegedly came to an agreement whereby Chakhmakhchyan would promote the Hive remote access trojan (RAT) on the “Hack Forums” website, take Bitcoin payments for licenses to use the RAT and offer customer support to those who bought the licenses.

In particular, the malware buyers would transfer Hive RAT to secured systems and obtain unauthorized access to these systems. 

From there, the RAT buyer may close or disable applications, peruse files, log keystrokes, access incoming and outgoing communications, and obtain victim passwords and other login credentials for cryptocurrency wallets and bank accounts, all without the victims’ knowledge or consent.

As per the indictment, Chakhmakhchyan emailed buyers after promoting the Hive RAT. 

He clarified to one of the buyers that the malware let “the Hive RAT user access another person’s computer without that person knowing about the access.” 

Chakhmakhchyan agreed to sell the Hive RAT after the buyer informed him that the victim had project files valued at over $5,000 and $20,000 in Bitcoin kept in a blockchain wallet. It is said that Chakhmakhchyan also sold a license for the Hive RAT to a law enforcement agency undercover agent.

Chakhmakhchyan is Accused Of Conspiracy

 “The indictment specifically charges Chakhmakhchyan with one count of conspiracy – to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer, and to intentionally access a computer to obtain information – as well as one count of advertising a device as an interception device”, the U. S Department of Justice.

The maximum statutory penalty for each count is five years in federal prison.

The defendant is deemed innocent unless and until they are proven guilty beyond a reasonable doubt in a court of law, and an indictment is only an allegation.

The Commonwealth Director of Public Prosecutions will handle the prosecution of an Australian national who has been charged by the Australian Federal Police with involvement in the development and selling of the malware.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.