Young hacker faces 20-year prison sentence for creating prolific Imminent Monitor RAT

Graphic of a CCTV camera observing anonymous people in a crowd
(Image credit: Shutterstock)

The Australian police have arrested a 24-year-old hacker after a lengthy investigation tied him to the widely abused Imminent Monitor remote access trojan (RAT).

The spyware tool was downloaded by more than 14,500 people across 128 countries, the police said, and reportedly generated around $400,000 AUD for the cyber-criminal.

The Australian Federal Police (AFP) also said Imminent Monitor was allegedly first created by Jacob Wayne John Keen nine years ago when he was aged 15.

During its time on sale between 2013 and 2019, it has been used by numerous individuals including domestic and child abusers, among other criminals.

The spyware’s capabilities allowed customers to steal information from victims and spy on them in various ways, including surreptitious enabling and monitoring of the webcam and microphone, logging keystrokes, and remotely controlling the device too.

Imminent Monitor could be installed through various means, including phishing, the AFP said, and it believes there have been more than 10,000 victims worldwide.

“These types of malware are so nefarious because it can provide an offender virtual access to a victim’s bedroom or home without their knowledge,’’ said Chris Goldsmid, AFP commander of cyber crime operations.

“Unfortunately there are criminals who not only use these tools to steal personal information for financial gain but also for very intrusive and despicable crimes.”

The RAT was sold for around $25 USD for a single-user lifetime licence but additional options were available for teams of users sold at higher prices.

The creation and sale of Imminent Monitor prompted a global investigation from law enforcement after the AFP was handed information about the campaign from the FBI and security company Palo Alto Networks in 2017.

More than a dozen law enforcement agencies were involved in the investigation across Europe, issuing a total of 85 search warrants, seizing 434 devices and arresting 13 individuals for using the RAT.

Simply owning the RAT is not an offence, the AFP said, but installing it on another individual’s device is a violation of computer legislation.

AFP dedicated five officers to gathering information on, and ultimately shutting down the RAT. After Imminent Monitor was taken down in 2019, all copies across the globe ceased to work also.

In the same year, the accused individual’s home was searched by authorities and his computer was found with code files consistent with the development and use of the RAT.

The 24-year-old faces 6 criminal charges under computer misuse and data misuse legislation, including two counts of dealing with the proceeds of crime with a value exceeding $100,000.

He faces a maximum potential combined prison sentence of 20 years. A 42-year-old woman of the same address later revealed to be Keen’s mother, also faces one count of dealing with the proceeds of crime with a value exceeding $100,000 and also faces up to 20 years in prison, the AFP notice read.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.