The Swiss Army Knife of Hacker-ware

Have you ever wondered just what an attacker can do once they gain access to your computer?  A 21-year-old software coder is facing prison time for developing the ultimate Swiss Army knife of an “administrators'” tool-kit.  This tool was sold to over 6,000 people through an extensive affiliate marketing network.  Many of his customers were cyber-criminals who used the software to gain access to tens of thousands of computers in 78 countries.

Colton Grubbs sold and provided technical support for Luminosity Link between April 2015 and July 2017, until he was arrested by the FBI.  He recently signed a plea agreement that will result in 5 years in prison.

Luminosity Link was an extremely full-featured remote access Trojan horse (RAT). According to the advertisement I found on Ranger Exploit, Luminosity Link boasted over 90 features in 18 categories including:

  • Deployment
  • Remote Control
  • Control via HTTP
  • Surveillance
  • Client management
  • Command prompt
  • Windows utilities
  • Reverse SOCKS proxy
  • Keylogger
  • Screenlogger
  • Anti-malware disablement
  • Download manager
  • Upload manager
  • Website visitor/hidden browsing
  • Automatically connect on startup
  • File search
  • Crypto-currency miner
  • Automatic updating
  • Browser password recovery
  • Email client password recovery

For a complete list of features, see my transcription of the Ranger Exploit page.

The only place I found information about Luminosity Link is the web site of an organization called Ranger Exploit.  I looked up the domain name on ICANN’s WHOIS database for information about the registrant, but found no information about the site owner.  The domain name was registered on December 12, 2015.  The website is hosted on  Ranger Exploit also has a page on GitHub and Facebook, where they appear to be selling other exploits and tools.  The product page on Ranger Exploit appears to actually be an image-based file rather than text, which is a bit unusual.  The FBI has shut down all of the distribution sites, so this one seems odd for many reasons, and perhaps is being used by the FBI as a honeypot to gather information about other potential buyers of the RAT.

The part I found most interesting was the incredible breadth of the toolkit.  For those of us who are trying to protect and secure computer networks and information assets, it is disconcerting to see the entire exploit list scroll down for more than two screens.  The list of features provided a sobering glimpse into the capabilities of cyber-attackers.

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
