Behind the scenes of the internet, a spyware “explosion” has changed cybercrime forever, putting more Australians at risk.

Over the past decade, the number of remote access Trojans on the black market has increased tenfold to at least 50, according to Shaanan Cohney, senior lecturer in cybersecurity at the University of Melbourne.

This increase coincides with a long-standing evolution of cybercrime – what was once a show of ego, dominance and control is now a lucrative business model.

“What we’ve seen is a relative explosion in the number of these products for sale,” Dr. Cohney said.

“Gangs or individuals who sell and manufacture this software… have a greater incentive to do so, because they realize that it could be profitable.”

Remote access Trojans are a popular type of spyware because they give users an “all-in-one” solution to stealing information, Dr. Cohney said.

Among their wide range of capabilities, they let attackers monitor keystrokes to see what victims are typing, remotely turn on webcams and microphones, and download programs to mine cryptocurrency.

Data on attacks specific to remote access Trojans is sparse, but the Australian Federal Police announced last week that the alleged mastermind behind a product called Imminent Monitor has been charged.

Over 14,500 people in 128 countries have bought it. Global cybersecurity firm Palo Alto Networks received 65,000 samples or reports of the program.

Police allege the 24-year-old earned up to $400,000 on Imminent Monitor, selling the program for around $35 – a relatively low price, Dr. Cohney says, given some products cost tens of thousands.

More than one in three investigations conducted this year by the Palo Alto Networks cyber attack team were ransomware-related, making it the top attack.

Looking at historical data, this would mean that approximately 24,300 of Palo Alto Networks' annual cybercrime reports are ransomware-related.

However, there are indications that this number has increased alongside the proliferation of remote access Trojans, the firm says.

Palo Alto Networks, along with the FBI and European authorities, assisted Australian police in the Imminent Monitor investigation.

“Authorities are usually going to focus on a particular jurisdiction (and), because we’re a multinational company, we have this global perspective,” said Sean Duca, Japan and Asia-Pacific regional security manager at Palo Alto Networks.

Eliminating a remote access Trojan has only a limited impact, Dr. Cohney said.

Tracking down the criminals behind them is “extremely difficult” and prosecutions are even rarer, says Matt Warren, professor of cybersecurity at RMIT University.

“When you talk about people being prosecuted in Australia for cybercrime, you can count them on one hand,” Professor Warren said.

The AFP believes that the 24-year-old’s case is the first in which a malware developer has been accused of aiding and abetting offenses committed by his clients.

The police operation which led to his charges was the first of its kind in Australia.

Overseas, the situation is becoming more complex. Russian authorities, for example, recruit ransomware gangs, Professor Warren explained.

He believes the relationship between private cybersecurity companies and authorities is a win-win situation, as authorities are often limited by expertise, salaries and reach.

International authorities and companies are now conducting ongoing investigations together.

The Australian Federal Police have co-led the operation with Europol since 2019 and acknowledge that the proliferation of malware poses a “significant challenge” to international law enforcement.