UPDATED 22:40 EDT / JULY 17 2018

INFRA

Kentucky man pleads guilty to creating and selling the LuminosityLink virus

A Kentucky man has pleaded guilty to three charges relating to his development and sale of LuminosityLink, a remote access trojan virus that allowed hackers to gain access to personal computers for a variety of nefarious purposes.

According to an indictment, 21-year-old Colton Ray Grubbs of Stanford, Kentucky, was alleged to have used the handle “KFC Watermelon” on hacking forums to advertise the LuminosityLink RAT which he was selling for $39.95.

The tool offered a variety of malicious capabilities, including the ability for hackers to take control of computers, record activities and to view files, login credentials and personal information. Primarily pitched as a spying tool that delivered remote access to webcams and microphones, the tool also allowed for the installation of third-party programs such as cryptocurrency mining programs and distributed denial-of-service scripts.

LuminosityLink could be installed on a computer bundled with another app or installed directly on a targeted machine should the hacker have access to it.

Before pleading guilty as part of a plea deal, Grubb had maintained that the software was designed as a legitimate tool for system administrators. There are legitimate purposes for remote access software, but Grubb’s downfall was a marketing strategy that made it fairly clear what the real purpose of LuminosityLink was: a tool that would allow potential customers to access and control systems without the owners’ knowledge or permissions.

Worse still for Grubb’s attempt to claim innocence, he not only offered free support to customers but in doing so sent private messages in response to “questions about accessing and controlling victim computers without authorization or detection.”

Grubbs admitted to having designed and sold LuminosityLink to more than 6,000 customers between April 2015 and July 2017, as well as recruiting other people as affiliates to sell the malware.

Pleading guilty to charges relating to invasion of privacy, causing loss of at least $5,000 to protected computers and conspiracy, Grubbs is facing a maximum of 25 years in jail and a $750,000 fine.

Image: LuminosityLink/Brian Krebs

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Cookies

We employ the use of cookies. Find out more.