View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

BlackShades “cheap” malware allowed criminals hijack half a million computers

Crackdown in Europe, US results in 97 arrests

By CBR Staff Writer

Law enforcement agencies across Europe and the US have arrested 97 cyber criminals for using BlackShades malware for various illegal practices ranging from stealing personal data to blackmailing the victims.

Blackshades allows criminals to steal passwords and banking credentials; hack into social media accounts; access documents, photos, and other computer files; record all keystrokes; activate webcams; hold a computer for ransom; and use the computer in distributed denial of service (DDoS) attacks.

The BlackShades website has been selling malware, especially the Remote Access Tool or RAT, for as low as $40. Its low cost and customizable feature made the malware easily available and in handy for criminals.

The website is suspected to have been in the business from at least 2010, and generated sales of more than $350,000 up to April 2014. The domain of BlackShades website has since been seized.

US Federal Bureau of Investigation (FBI) said in a statement, "This software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than half a million computers worldwide."

Monday’s crackdown was undertaken by about 16 countries, in coordination with FBI, EU’s judicial cooperation agency Eurojust, and European Cybercrime Centre (EC3) at Europol.

Nearly 360 house searches were carried out worldwide, and over 1,100 data storage devices, including computers, laptops, mobiles and USB memory sticks, were seized.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Cash, illegal firearms and drugs were also recovered in the searches, said Eurojust.

The BlackShades malware is believed to be developed by Swedish national Alex Yucel and US citizen Michael Hogue. Hogue was arrested in 2012 on charges of cyber crime and pleaded guilty in 2013 on two counts of computer hacking.

The FBI unsealed an indictment against Yucel, who was arrested in November last year in Maldova and is awaiting extradition to the US.

According to FBI, Yucel ran his organization like a business — hiring and firing employees, paying salaries, and updating the malicious software in response to customers’ requests.

The existence of the Blackshades malware came to light as part of FBI’s Operation Cardshop, an investigation into worldwide "carding" crimes. The names of Yucel and Hogue figured in this investigation.

Investigators have so far conducted 100 interviews, executed more than 100 e-mail and physical search warrants, and seized more than 1,900 domains used by Blackshades users to control victims’ computers.

An 18-year-old man was arrested recently in the Netherlands for infecting at least 2,000 computers with BlackShades malware, and controlling the victim’s webcams to take pictures of women.

Photo courtesy of Victor Habbick/

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.