The Swiss Army Knife of Hacker-ware

Have you ever wondered just what an attacker can do once they gain access to your computer?  A 21-year-old software coder is facing prison time for developing the ultimate Swiss Army knife of an “administrator's” toolkit.  This tool was sold to over 6,000 people through an extensive affiliate marketing network.  Many of his customers were cyber-criminals who used the software to gain access to tens of thousands of computers in 78 countries.

Colton Grubbs sold and provided technical support for Luminosity Link between April 2015 and July 2017, until he was arrested by the FBI.  He recently signed a plea agreement that will result in 5 years in prison.

Luminosity Link was an extremely full-featured remote access Trojan horse (RAT). According to the advertisement I found on Ranger Exploit, Luminosity Link boasted over 90 features in 18 categories including:

  • Deployment
  • Remote Control
  • Control via HTTP
  • Surveillance
  • Client management
  • Command prompt
  • Windows utilities
  • Reverse SOCKS proxy
  • Keylogger
  • Screenlogger
  • Anti-malware disablement
  • Download manager
  • Upload manager
  • Website visitor/hidden browsing
  • Automatically connect on startup
  • File search
  • Crypto-currency miner
  • Automatic updating
  • Browser password recovery
  • Email client password recovery

For a complete list of features, see my transcription of the Ranger Exploit page.

The only place I found information about Luminosity Link is the web site of an organization called Ranger Exploit.  I looked up the domain name ranger-exploit.com on ICANN’s WHOIS database for information about the registrant, but found no information about the site owner.  The domain name was registered on December 12, 2015.  The website is hosted on namecheap.com.  Ranger Exploit also has a page on GitHub and Facebook, where they appear to be selling other exploits and tools.  The product page on Ranger Exploit appears to actually be an image-based file rather than text, which is a bit unusual.  The FBI has shut down all of the distribution sites, so this one seems odd for many reasons, and perhaps is being used by the FBI as a honeypot to gather information about other potential buyers of the RAT.

The part I found most interesting was the incredible breadth of the toolkit.  For those of us who are trying to protect and secure computer networks and information assets, it is disconcerting to see the entire exploit list scroll down for more than two screens.  The list of features provided a sobering glimpse into the capabilities of cyber-attackers.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
