Luminosity.link website

UK police revealed today they were behind the abrupt shutdown of a popular website that peddled a commercial remote access trojan (RAT) known as LuminosityLink.

The website was located at luminosity.link, and offered for sale copies of the LuminosityLink RAT (Luminosity RAT) for just $40.

Security researchers first spotted this RAT in early 2015, and US cyber-security firms Palo Alto Networks published an in-depth report on the malware's capabilities in July 2016.

Police stumble over LuminosityLink reseller

In a press release published today, the UK's National Crime Agency (NCA) revealed that two months later, in September 2016, it came across a goldmine of LuminosityLink data on a suspect's computer when it arrested a Bristol man on Computer Misuse Act offenses in a separate investigation.

NCA said the Bristol man was one of the LuminosityLink resellers who resold the original RAT to other customers. They said the suspect had sold the LuminosityLink RAT to over 8,600 customers located across 78 countries.

UK officers analyzed the data and shared it with other law enforcement agencies across Europe, Australia, and America. A joint international takedown effort was coordinated and carried out in September 2017, when law enforcement authorities in the UK and other countries arrested some of the people who bought the RAT.

The NCA says investigators have put together 490 intelligence packages (cases) that were sent to law enforcement agencies in 13 other countries. In the UK, they are currently investigating 160 cases.

UK authorities have also taken down the luminosity.link website from where versions of the RAT were being sold online. UK officials did not respond to a request for comment on the part of Bleeping Computer seeking clarification if the Bristol man was also the individual who developed the LuminosityLink RAT.

LuminosityLink RAT still used to infect victims

Since the site's takedown, copies of the LuminosityLink RAT  have continued to be sold online and used in malware campaigns [1, 2].

The RAT could be used to take screenshots of infected PCs, search and steal files, upload and execute other malware, and more.

LuminosityLink GUI
LuminosityLink GUI

The RAT's source code never leaked online. LuminosityLink is considered one of the best spyware products sold in the past years.

"I decided to recode LuminosityLink since it was one of the best RAT i have ever seen," said a HackForum user currently offering a free LuminosityLink RAT clone.

Clone of LuminosityLink RAT
Clone of LuminosityLink RAT

Related Articles:

German Police Accused of Carrying Out Some Pretty Stupid Raids

Necurs Botnet Pushing New Marap Malware

Skim Reaper Device Detects Wide Range of Skimmer Devices

5 Examples of How Cheating in Fortnite Gets You Infected

Massive Malvertising Campaign Discovered Attempting 40,000 Infections per Week