Have you ever wondered just what an attacker can do once they gain access to your computer? A 21-year-old software coder is facing prison time for developing the ultimate Swiss Army knife of an “administrators'” tool-kit. This tool was sold to over 6,000 people through an extensive affiliate marketing network. Many of his customers were cyber-criminals who used the software to gain access to tens of thousands of computers in 78 countries.
Colton Grubbs sold and provided technical support for Luminosity Link between April 2015 and July 2017, until he was arrested by the FBI. He recently signed a plea agreement that will result in 5 years in prison.
Luminosity Link was an extremely full-featured remote access Trojan horse (RAT). According to the advertisement I found on Ranger Exploit, Luminosity Link boasted over 90 features in 18 categories including:
For a complete list of features, see my transcription of the Ranger Exploit page.
Luminosity Link RAT
The only place I found information about Luminosity Link is the website of an organization called Ranger Exploit. I looked up the domain name ranger-exploit.com on ICANN’s WHOIS database for information about the registrant, but found no information about the site owner. The domain name was registered on December 12, 2015. The website is hosted on namecheap.com. Ranger Exploit also has a page on GitHub and Facebook, where they appear to be selling other exploits and tools. The product page on Ranger Exploit appears to actually be an image-based file rather than text, which is a bit unusual. The FBI has shut down all of the distribution sites, so this one seems odd for many reasons, and perhaps is being used by the FBI as a honeypot to gather information about other potential buyers of the RAT.
The part I found most interesting was the incredible breadth of the toolkit. For those of us who are trying to protect and secure computer networks and information assets, it is disconcerting to see the entire exploit list scroll down for more than two screens. The list of features provided a sobering glimpse into the capabilities of cyber-attackers.