The Swiss Army Knife of Hacker-ware

Have you ever wondered just what an attacker can do once they gain access to your computer? A 21-year-old software coder is facing prison time for developing the ultimate Swiss Army knife of an "administrator's" tool-kit. This tool was sold to over 6,000 people through an extensive affiliate marketing network. Many of his customers were cyber-criminals who used the software to gain access to tens of thousands of computers in 78 countries.

Colton Grubbs sold and provided technical support for Luminosity Link between April 2015 and July 2017, until he was arrested by the FBI.  He recently signed a plea agreement that will result in 5 years in prison.

Luminosity Link was an extremely full-featured remote access Trojan (RAT). According to the advertisement I found on Ranger Exploit, Luminosity Link boasted over 90 features in 18 categories including:

  • Deployment
  • Remote Control
  • Control via HTTP
  • Surveillance
  • Client management
  • Command prompt
  • Windows utilities
  • Reverse SOCKS proxy
  • Keylogger
  • Screenlogger
  • Anti-malware disablement
  • Download manager
  • Upload manager
  • Website visitor/hidden browsing
  • Automatically connect on startup
  • File search
  • Crypto-currency miner
  • Automatic updating
  • Browser password recovery
  • Email client password recovery

For a complete list of features, see my transcription of the Ranger Exploit page.
Luminosity Link RAT

The only place I found information about Luminosity Link is the web site of an organization called Ranger Exploit. I looked up the domain name ranger-exploit.com on ICANN's WHOIS database for information about the registrant, but found no information about the site owner. The domain name was registered on December 12, 2015. The website is hosted on namecheap.com. Ranger Exploit also has a page on GitHub and Facebook, where they appear to be selling other exploits and tools. The product page on Ranger Exploit appears to actually be an image-based file rather than text, which is a bit unusual. The FBI has shut down all of the distribution sites, so this one seems odd for many reasons, and perhaps is being used by the FBI as a honeypot to gather information about other potential buyers of the RAT.

The part I found most interesting was the incredible breadth of the toolkit.  For those of us who are trying to protect and secure computer networks and information assets, it is disconcerting to see the entire exploit list scroll down for more than two screens.  The list of features provided a sobering glimpse into the capabilities of cyber-attackers.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA's non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
