What you need to know about the BlackShades malware
TORONTO – Over half a million computers in more than 100 countries have been infected with a sophisticated piece of software that leaves users vulnerable to attackers.
Authorities in 16 countries, including Canada, took part in a global crackdown on the BlackShades malware that lets cybercriminals take over a computer and hijack its webcam. At least 97 people worldwide have been charged in connection with the investigation.
What is BlackShades?
BlackShades is malicious software that acts as a Remote Access Tool (RAT): once installed, it allows an attacker to gain full control of a user’s computer. It affected Microsoft Windows-based computers.
BlackShades can also allow an attacker to carry out large-scale distributed denial-of-service (DDoS) cyber attacks.
Versions of the software – which can be found online for as little as $40 – are often advertised to average users as a way to catch cheating lovers, according to Kellman Meghu, head of security engineering at Check Point Software Technologies.
“It could even take over someone’s Facebook account once it was on their system – it has a lot of nefarious uses that people may want to use against spouses, employers, etc.,” said Meghu.
“It can be used for criminal enterprise, but it’s a publicly supported tool which makes it a little bit dangerous in the sense that you don’t have to be a very technical person to learn how to use it.”
According to the FBI, the BlackShades RAT has been sold to several thousand users online since 2010.
It’s estimated that over half a million computers have been infected with the malware.
What would an attacker do with this software?
Once installed, the software would allow an attacker to view and access files on the computer, take control of the mouse and the screen, and even log a user’s keystrokes to capture passwords or sensitive information.
RATs can also allow someone to turn on a device’s webcam and record video or take photos without the user knowing.
One case documented by European Union law enforcement agency Europol involves an 18-year-old man from the Netherlands who allegedly infected 2,000 computers with the malware to take photos of women and girls via their webcams.
“As today’s case makes clear, we now live in a world where, for just $40, a cybercriminal halfway across the globe can—with just a click of a mouse—unleash a RAT that can spread a computer plague not only on someone’s property but also on their privacy and most personal spaces,” said U.S. Attorney Preet Bharara in a statement.
Attackers can also encrypt a user’s personal files, denying access to them, and then demand a ransom to restore access.
How can you tell if you have been infected?
Because of the way BlackShades is designed, anti-malware and anti-virus programs may not detect the software on your computer.
However, there are a few signs to watch for to determine if your computer has been infected:
- Your cursor moves erratically without you touching it or your monitor turns off during use
- The webcam “in use” light turns on when the camera is not in use
- Usernames and passwords for online accounts have been compromised
- Computer files become encrypted without warning
Users can also check the computer’s hard drive for specific file types that are known to be present on BlackShades-infected devices. The FBI has the complete list of files and instructions on how to access them on its website.
What can you do to protect yourself?
Unfortunately, there is not much that the average user can do other than keep an eye on what types of files and attachments they are opening on their computer.
“Be careful what you click on, even from friends and family,” Meghu told Global News. “If they send you a link or a piece of software be careful what you install.”
Meghu also noted that if you do click on an attachment or download and nothing appears to happen, there could be something malicious going on in the background.
– With files from Global Toronto’s Mark Carcasole
© Shaw Media, 2014