A man is facing charges of being the author of MegalodonHTTP, a piece of malware designed to power distributed denial-of-service (DDoS) botnets, Norwegian police said.
In mid-December an international operation targeting individuals suspected of using remote access Trojans (RATs) called Falling sTAR resulted in the arrests of 12 people from France, Norway and Romania.
As part of Operation Falling sTAR, Norwegian police arrested five men aged between 16 and 24, and seized computer equipment and online accounts. These individuals ended up arrested on suspicion of possessing, using and selling malware.
Since then, some admitted they had been using malware for several years, and one even said he ran an online store dedicated to selling malware, police said.
Advanced persistent threat (APT) detection company Damballa, whose Threat Discovery Center assisted Norwegian authorities in their investigation, said they believe one of the five suspects arrested in December is the author of the MegalodonHTTP malware.
The security firm would not reveal the suspect’s real identity, but it has confirmed that the online moniker used by MegalodonHTTP’s author, Bin4ry, is no longer active or doing business.
When it analyzed MegalodonHTTP in November, Damballa officials said the threat was simple and apparently developed by someone with poor coding skills.
Bin4ry advertised the malware on hacker forums as a threat capable of launching seven types of DDoS attacks, opening a remote shell on the infected system, mining crypto currency, and killing antiviruses. The author offered two packages priced at $35 and $100, depending on what the user needed.
While the malware isn’t very sophisticated, especially since it needs .NET to install on the victim’s machine to run properly, its low price and the fact it could quickly and easily be set up even by less skilled users might have made it attractive.