|Subtype||Remote administration trojan|
|Author(s)||Alex Yucel and Michael Hogue|
|Operating system(s) affected||Windows|
Blackshades is the name of a malicious trojan horse used by hackers to control infected computers remotely. The malware targets the computers using Microsoft Windows -based operating systems. According to US officials, over 500,000 computer systems have been infected worldwide with the software.
In 2014, the United States Federal Bureau of Investigation (FBI) arrested hundreds of people who had Blackshade in their computer. Before the FBI crackdown, Blackshades was sold for US$40 on Hack Forums, and reportedly generated US$350,000.00 in sales.
Blackshades infects computer systems by downloading onto a victim's computer when the victim accesses a malicious webpage (sometimes downloading onto the victim's computer without the victim's knowledge, known as a drive-by download) or through external storage devices, such as USB flash drives. Blackshades also included tools that assisted hackers in maximizing the amount of computer systems infected, such as a tool that sends infected links that masquerade as an innocuous site to other potential victims via the victim's social networking service.
Blackshades can reportedly be used remotely to access an infected computer without authorization. Blackshades allows hackers to perform many actions on an infected computer remotely without authorization, including the ability to:
- Access and modify files on the victim's computer.
- Log keystrokes on the victim's computer.
- Access to the webcam of the victim.
- Include the victim's computer in a botnet, which allows the attacker to perform denial-of-service attacks with the victim's computer, and usually along with other infected computers.
- Download and execute files on the victim's computer.
- Use the victim's computer as a proxy server.
Detection and removal
Many antivirus programs can successfully detect and remove Blackshades, however hackers using the Blackshades software usually avoid detection of Blackshades infections by using software that obfuscates the Blackshades binary to avoid detection by antivirus programs, which the Blackshades organization also sold along with the Blackshades software.
Blackshades in the media
In 2015, Stefan Rigo from Leeds was given a 40-week suspended sentence for using BlackShades against 14 people, 7 of whom he knew personally. It is reported he paid for the software using his ex-girlfriend's payment card.
In 2012, the FBI ran a sting operation called "Operation Card Shop", which led to 24 arrests of hackers in eight countries. One of those arrested was Michael Hogue (also known as xVisceral in online hacking communities). Hogue, a co-creator of Blackshades, was arrested and indicted on charges under 18 U.S.C. § 1030, more commonly known as the Computer Fraud and Abuse Act. He was sentenced to five years of probation, 20 years suspended prison sentence.
In 2014, the FBI coordinated a worldwide operation to combat the use of the malware, leading to the arrest of almost one hundred people in nineteen countries. On May 19, charges were laid in the United States against five individuals: two men identified as developers of Blackshades and three other men who sold the software or used it to infiltrate other people's computers. Exactly 359 searches were conducted and more than 1,100 electronic devices have been seized as part of the operation. According to the FBI, over 500,000 computers in more than 100 countries were infected by the malware. Blackshades sold typically for US$40, and reportedly generated US$350,000 in sales.
- "Manhattan U.S. Attorney And FBI Assistant Director-In-Charge Announce Charges In Connection With Blackshades Malicious Software That Enabled Users Around The World To Secretly And Remotely Control Victims' Computers". United States Department of Justice. May 19, 2014. Retrieved December 13, 2014.
- "Could your Computer be Infected by Blackshades?". FBI. Retrieved May 20, 2014.
- "BlackShades: Arrests in computer malware probe". BBC News. 2014-05-19. Retrieved 19 May 2014.
- Loyd, Jordan (June 19, 2012). "U.S. v. Michael Hogue Complaint" (PDF). blackshades.net. United States Department of Justice. Archived from the original (PDF) on December 26, 2014.
- Kujawa, Adam (June 15, 2012). "You Dirty RAT! Part 2 – BlackShades NET". Malwarebytes UNPACKED. Malwarebytes Corporation. Retrieved December 31, 2014.
- Hoffman, Patrick (May 16, 2014). "U.S. v. Brendan Johnston Complaint 14 Mag 1086" (PDF). United States Department of Justice. p. 8.
- Marquis-Boire, Morgan; Hardy, Seth (June 19, 2012). "Syrian Activists Targeted with Blackshades Spy Software".; Marquis-Boire, Morgan; Galperin, Eva (July 12, 2012). "New Malware Targeting Syrian Activists Uses Blackshades Commercial Trojan".
- Rigo, Stefan (October 8, 2015). "Webcam hacker spied on sex acts with BlackShades malware - BBC News".;
- "Manhattan U.S. Attorney And FBI Assistant Director-In-Charge Announce 24 Arrests In Eight Countries As Part Of International Cyber Crime Takedown". The United States Attorney Office for the Southern District of New York. Archived from the original on 2015-01-01.
- "BlackShades malware bust ends in nearly 100 arrests worldwide". CBS Interactive. May 19, 2014. Retrieved 20 May 2014.
- "More than half million computers worldwide infected with BlackShades malware". Big News Network. Retrieved May 20, 2014.