A Hot Springs, Arkansas man who last year admitted in court to creating the NanoCore RAT (Remote Access Trojan) was sentenced to 33 months in prison.
Taylor Huddleston, 27, was sentenced on Friday for helping and assisting with computer intrusions through the development and marketing of malicious software, the Department of Justice announced. The programs he created were used to steal sensitive data from victims, spy on them, and conduct other illegal intrusions.
In addition to the 33 months in prison, Huddleston was ordered to serve two years of supervised release following his prison sentence.
Accused of developing, marketing, and distributing two malware families, Huddleston pleaded guilty in court in July 2017.
The first malicious program Huddleston developed is the NanoCore RAT, a backdoor that allows attackers to steal information from victim computers, including passwords, emails, instant messages, and other sensitive data. Used to infect and attempt to infect tens of thousands of systems, the RAT allows attackers to activate infected machines’ webcams to spy on victims.
NanoCore RAT was used in attacks targeting the finance departments of small and medium-sized businesses in the U.K., the U.S. and India, as well as in other global infection campaigns. Distribution methods included, among others, fileless tricks to the abuse of free Voice-over-IP (VoIP) service Discord.
Huddleston also admitted to creating Net Seal, licensing software that allowed him to distribute malware for co-conspirators for a fee. Huddleston is said to have used Net Seal to assist Zachary Shames in his attempt to infect 3,000 systems with malware that was in turn used to infect 16,000 computers.
Huddleston built Net Seal in 2012 and created NanoCore in 2014 (he marketed the RAT as a remote desktop management utility.
In his guilty plea last year, Huddleston admitted that he intended the programs to be used maliciously.
Related: NanoCore RAT Author Pleads Guilty