09 June 2024, 7:21am
Media Release

AFP warn online users over RATs cyber plague

Editor’s note: Video and audio grabs available via Hightail.

The AFP is warning online users to protect themselves following a recent surge in criminals attempting to steal and control victims’ personal data by tricking them into downloading malware known as RATs (Remote Access Trojans).

RATs are a type of malware that covertly takes unauthorised control of a victim’s electronic device to steal sensitive personal information and to conduct surveillance on victims without their knowledge or consent.

AFP intelligence has identified criminals in Australia and offshore actively obtaining RATs and similar malware variants* to embed viruses into victims’ devices in a variety of ways, including downloadable email attachments hidden within ‘legitimate’ links, and computer video gaming add-ons or modifications, which are known as mods.

Once the RAT has been downloaded, malware automatically installs onto the user’s device, allowing a cybercriminal to control and access webcams, microphones, online credentials, passwords, geolocation data, files, and log history.

A cybercriminal can gain access to thousands of downloads and scrape information from just one RAT, which enables them to access thousands of victims’ personal data.

The AFP charged an Australian man in April after he allegedly developed and sold a RAT called ‘Firebird’ to a number of customers on a hacking forum website.

AFP Acting Assistant Commissioner Chris Goldsmid said the AFP had identified an increase in cybercriminals attempting to exploit not only Australians but victims around the world through the use of Remote Access Trojans.

“These viruses, known as RATs, are the tools of cybercriminals and are built to spread and take over a victim’s device, just like a plague,” he said.

“This is a reminder for all Australians to practise good cyber hygiene, and of how important it is to keep software and virus protection updated.

“Vulnerabilities in old or unprotected software are often the target for criminals attempting to gain control over a system so the owner can be targeted and exploited.

“Cybercriminals can build RATs that limit detection by some antivirus software, so users may not be notified if malware is installed or operating on their device.

“This type of cyber offending can evolve into extreme and malicious forms of data theft and victim manipulation, with criminals using stolen data to commit extortion or financial crimes.

“The AFP will continue to target and prosecute criminals purchasing the malware for illegal purposes such as gaining remote access to a victim's computer, which holds a maximum penalty of 10 years’ imprisonment.”

A 27-year-old Geelong man was sentenced to a three-year good behaviour bond in the Geelong Magistrates Court after pleading guilty to five RAT-related offences in June 2023. The man purchased an Orcus RAT online from a Canadian national, and compromised more than 700 infected devices using the malware.

The Geelong man built computer game mods for a number of online games and embedded the RAT within those builds with the intent to steal data from gamers. Coders or online gamers usually build mods to improve or enhance a game for other gamers to enjoy for free or a small fee. Criminals seeking to exploit this will hide the RAT within a mod, making it difficult for gamers to identify if it is infected with malware.

The AFP Cybercrime team have detected and removed mods containing malware for popular computer games including PUBG: Battlegrounds, Runescape, Minecraft and ARK Survival.

In another matter, the Malta Police Force arrested a 27-year-old Maltese national in February this year, for his alleged involvement in the distribution of the RAT ‘Warzone’ following intelligence provided by the AFP.

The alleged key figure was part of an international cybercrime network that distributed ‘Warzone’ to other cybercriminals, allowing them access to victims’ personal and online data.

The criminal use of RAT technology in Australia constitutes offences under the Criminal Code Act 1995 (Cth) including unauthorised modification of data to cause impairment, which has a maximum penalty of 10 years’ imprisonment.

If you think you are a victim of RAT malware, information on what to do next and how to protect yourself online can be found on the Australian Cyber Security Centre website.

*Remote Access Trojans (RATs) are a form of malware designed to allow an attacker to gain access to and control an infected computer. ‘Nanocore Malware’ and ‘Orcus’ are variant forms of RAT malware.

AFP Media

Journalists can contact us Monday to Friday from 6.30 am to 6 pm Canberra time. Outside those hours, a rostered officer is on call.
