Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Alleged Author of MegalodonHTTP Malware Arrested

Norwegian authorities have arrested an individual suspected of being the author of MegalodonHTTP, a piece of malware designed to power distributed denial-of-service (DDoS) botnets.

Norwegian authorities have arrested an individual suspected of being the author of MegalodonHTTP, a piece of malware designed to power distributed denial-of-service (DDoS) botnets.

Europol announced in mid-December the results of an international operation targeting individuals suspected of using remote access Trojans (RATs). The operation, dubbed Falling sTAR, resulted in the arrests of 12 people from France, Norway and Romania.

As part of Operation Falling sTAR, Norwegian police arrested five men aged between 16 and 24, and seized computer equipment and online accounts. These individuals were arrested on suspicion of possessing, using and selling malware.

Some of them admitted that they had been using malware for several years, and one even admitted running an online store dedicated to selling malware, police said.

Advanced persistent threat (APT) detection company Damballa, whose Threat Discovery Center assisted Norwegian authorities in their investigation, revealed on Thursday that one of the five suspects arrested in December is believed to be the author of the MegalodonHTTP malware.

The security firm says it’s not at liberty to disclose the suspect’s real identity, but it has confirmed that the online moniker used by MegalodonHTTP’s author, Bin4ry, is no longer active or doing business.

When it analyzed MegalodonHTTP in November, Damballa noted that the threat was simple and apparently developed by someone with poor coding skills.

Bin4ry advertised the malware on hacker forums as a threat capable of launching seven types of DDoS attacks, opening a remote shell on the infected system, mining crypto currency, and killing antiviruses. The author offered two packages priced at $35 and $100, depending on what the user needed.

While the malware isn’t very sophisticated, especially since it needs .NET to be installed on the victim’s machine to run properly, its low price and the fact that it could quickly and easily be set up even by less skilled users might have made it attractive for some cybercriminals.

Related: Alleged Malware Service Operators Arrested in UK

Related: International ATM Malware Gang Dismantled

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe


Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...