Content, Breach

International Law Enforcement Takes Down Website Selling NetWire Malware

Swimming sharks in dark waters. This is entirely 3D generated image.

International law enforcement has seized an internet domain that cyberattackers were using to sell malware on the dark web capable of stealing credentials from a victim’s computer.

The site,, was selling the Netwire remote access trojan (RAT), which targets a system’s operating system and creates a backdoor that allows it to spy on and gain control of the computer to execute malicious commands.

Croation National Arrested

In this action, authorities in Croatia on Tuesday arrested a Croatian national who allegedly was the administrator of the website. This defendant will be prosecuted by Croatian authorities. Additionally, law enforcement in Switzerland have seized the computer server hosting the NetWire RAT infrastructure, said U.S. District Attorney’s Office for the Central District of California officials.

The Federal Bureau of Investigation (FBI) in Los Angeles has been investigating the website since 2020. It was the only known distributor of NetWire. In the sting, FBI undercover investigators created an account on the website, paid for a subscription plan, and “constructed a customized instance of the NetWire RAT using the product’s builder tool,” according to the affidavit in support of the seizure warrant, the D.A.’s office said.

NetWire Probe Yields Results

The website marketed NetWire as a legitimate business tool to maintain computer infrastructure and the software was advertised on hacking forums. NetWire is well known to cybersecurity providers and federal law enforcement for its use in cybercrimes.

Commenting on the investigation, Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles field office, said:

“By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem. The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cybercriminals.”

International operations to combat cybercrime has become a necessary tactic to slow the propagation of malicious software. Indeed, President Biden’s recently released National Cyber Strategy called for greater cooperation with foreign countries.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.