Security Experts:

Alleged Author of MegalodonHTTP Malware Arrested

Norwegian authorities have arrested an individual suspected of being the author of MegalodonHTTP, a piece of malware designed to power distributed denial-of-service (DDoS) botnets.

Europol announced in mid-December the results of an international operation targeting individuals suspected of using remote access Trojans (RATs). The operation, dubbed Falling sTAR, resulted in the arrests of 12 people from France, Norway and Romania.

As part of Operation Falling sTAR, Norwegian police arrested five men aged between 16 and 24, and seized computer equipment and online accounts. These individuals were arrested on suspicion of possessing, using and selling malware.

Some of them admitted that they had been using malware for several years, and one even admitted running an online store dedicated to selling malware, police said.

Advanced persistent threat (APT) detection company Damballa, whose Threat Discovery Center assisted Norwegian authorities in their investigation, revealed on Thursday that one of the five suspects arrested in December is believed to be the author of the MegalodonHTTP malware.

The security firm says it’s not at liberty to disclose the suspect’s real identity, but it has confirmed that the online moniker used by MegalodonHTTP’s author, Bin4ry, is no longer active or doing business.

When it analyzed MegalodonHTTP in November, Damballa noted that the threat was simple and apparently developed by someone with poor coding skills.

Bin4ry advertised the malware on hacker forums as a threat capable of launching seven types of DDoS attacks, opening a remote shell on the infected system, mining crypto currency, and killing antiviruses. The author offered two packages priced at $35 and $100, depending on what the user needed.

While the malware isn’t very sophisticated, especially since it needs .NET to be installed on the victim’s machine to run properly, its low price and the fact that it could quickly and easily be set up even by less skilled users might have made it attractive for some cybercriminals.

Related: Alleged Malware Service Operators Arrested in UK

Related: International ATM Malware Gang Dismantled

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.