A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison.According to a press release published Monday by U.S. Attorney’s Office, Colton Grubbs, who used online moniker ‘KFC Watermelon,’ was pleaded guilty for three counts–unlawfully accessing computers in furtherance of a criminal act, money laundering, and illegal removal of property to prevent its lawful seizure.
First surfaced in April 2015, the LuminosityLink RAT (Remote Access Trojan), also known as Luminosity, was a hacking tool that was sold for $40, marketing itself as a legitimate tool for Windows administrators to “manage a large number of computers concurrently.”
However, in reality, LuminosityLink was designed to be a dangerous, remote access trojan that among other malicious features, allowed Grubbs’ customers to:
- Record the keys that victims pressed on their keyboards
- Surveil victims using their computers’ cameras and microphones
- View and download the computers’ files
- Steal names and passwords used to access websites
In his initial plea filing, Grubbs claimed that the LuminosityLink RAT was never intended to be used maliciously, and was a legitimate tool for system administrators.However, in a plea agreement signed a year ago, Grubbs admitted that his malware would be used by some customers to remotely access and control computers without their victims’ computers without the victims’ knowledge or consent.
Grubbs also admitted of offering assistance to his customers to use the LuminosityLink RAT through posts and group chats on his own luminosity.link website and public internet forum HackForums.net.
According to his last year plea agreement, the LuminosityLink RAT was sold for $39.99 apiece to more than 6,000 individuals, who used it maliciously to gain unauthorized access to thousands of computers across 78 countries worldwide.
“Our modern society is dependent on computers, mobile devices, and the use of the internet,” said Robert M. Duncan, Jr., United States Attorney for the Eastern District of Kentucky. “People simply have to have confidence in their ability to use these modern instruments to transact their business, privately communicate, and securely maintain their information.”
“It is essential that we vigorously prosecute those who erode that confidence and illicitly gain access to computer systems and the electronic information of others. Everyone benefits when this deceitful conduct is discovered, investigated, and prosecuted.”
According to the Justice of Department, Grubbs has been ordered to serve 85 percent of his prison sentence under federal law, and upon release, he will be under the supervision of the United States Probation Office for a term of 3 years.
Besides his sentence of incarceration, Grubbs has also been ordered to forfeit the money he made from his crimes, including 114 bitcoins (valued at over $725,000 today) which were seized by the FBI.