A 21-year-old from Great Falls, Virginia, has admitted developing a piece of malware used by cybercriminals to infect thousands of computers, the U.S. Department of Justice announced last week.
Zachary Shames, a student at James Madison University, has pleaded guilty to charges of aiding and abetting computer intrusions and faces up to 10 years in prison. Sentencing has been scheduled for June 16.
According to authorities, Shames created a keylogger that he sold to more than 3,000 people, who used it to infect over 16,000 computers.
Court documents obtained by The Register show that the keylogger developed by Shames, who had used the online moniker “Mephobia,” is Limitless. The malware, classified by some security firms as a remote access Trojan (RAT), has been sold on several hacking forums for $40 or less.
Trend Micro reported in November 2014 that Limitless had been leveraged in business email compromise (BEC) schemes. Attackers had used the malware to steal credentials and other valuable information from the targets.
Limitless was one of the several keyloggers used in NightHunter, a campaign in which attackers harvested login credentials from organizations across the world. The operation, detailed by Cyphort in 2014, had been active since at least 2009 and it targeted Google, Yahoo, Facebook, Skype, Dropbox, Amazon, Yahoo, Hotmail, LinkedIn, Rediff and banking credentials. Court documents from Shames’ case reference SecurityWeek’s 2014 article on NightHunter attacks.
According to investigators, Shames was not very good at covering his tracks. For instance, the PayPal account he used to receive payments was registered with his real name, and a HostGator account hosting a Limitless domain was registered with his real home address.
Furthermore, the main email account used by the keylogger’s author was accessed on several occasions from IP addresses registered to James Madison University.
Authorities said Shames started developing the keylogger while in high school (between 2009 and 2013) and continued improving it from his college dorm room.
Related Reading: Dozens of Teens Arrested Over DDoS Attacks
Related Reading: Suspect Arrested in JPMorgan, Dow Jones Data Theft Case
Related Reading: Italian Siblings Arrested Over Long-running Cyber Espionage Campaign