Cyber crimes have no borders. Criminals can attack a target located in another country and disappear quickly, which makes such events very hard for local authorities to investigate. It is also clear that the attackers have not physically met each other; they are all from different countries. Because the attackers are distributed, the investigation must be distributed too. A joint operation was launched last month against a distributed malware system, MegalodonHTTP.

In December 2015, Norwegian police arrested five hackers accused of possessing, using and selling the MegalodonHTTP Remote Access Trojan (RAT). The operation, named “OP Falling sTAR”, was carried out jointly by Europol and Norway’s Kripos National Criminal Investigation Service.

According to the blog post, Damballa’s Threat Discovery Center worked in cooperation with the Norwegian police over the last few months to track and identify the author of the malware called MegalodonHTTP. The five arrested men are aged between 16 and 24 and are located in Romania, France, and Norway.

One of the arrested men confessed to selling the malware through his web store. The malware is designed to take control of computers, collect passwords, and so on. Researchers also stated that malware of this kind is expected to be platform-independent, but MegalodonHTTP requires .NET to run on the target system.

The name Megalodon comes from ancient Greek and means “big tooth”. It is used for a kind of big shark in the Lamnidae family.

According to research by Damballa’s Threat Discovery Center, MegalodonHTTP has some basic features. These features are listed in the forum where the author introduced the malware.

MegalodonHTTP Features

Download and execute
7 DDoS methods
Remote shell
Crypto miner
AV Killer

You can read the research on this web page. We quote its conclusion here for our visitors:

Despite its imposing name, MegalodonHTTP is not an advanced malware. The author’s goal was to create modular malware with several features but remain as small as possible, around 20Kb. Despite the author’s effort to create state-of-the-art malware, the general consensus in the criminal community remains pretty clear: he did not succeed. This blog is an “aperçu” of malware that’s easily available at a very affordable price. The author teamed up with a reseller to provide hosting for customers. Anyone with limited computer knowledge can acquire this malware and have it up and running in less than a day.