Select Page

A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison.

According to a press release published Monday by U.S. Attorney’s Office, Colton Grubbs, who used online moniker ‘KFC Watermelon,’ was pleaded guilty for three counts–unlawfully accessing computers in furtherance of a criminal act, money laundering, and illegal removal of property to prevent its lawful seizure.

First surfaced in April 2015, the LuminosityLink RAT (Remote Access Trojan), also known as Luminosity, was a hacking tool that was sold for $40, marketing itself as a legitimate tool for Windows administrators to “manage a large number of computers concurrently.”

However, in reality, LuminosityLink was designed to be a dangerous, remote access trojan that among other malicious features, allowed Grubbs’ customers to:

  • Record the keys that victims pressed on their keyboards
  • Surveil victims using their computers’ cameras and microphones
  • View and download the computers’ files
  • Steal names and passwords used to access websites

In his initial plea filing, Grubbs claimed that the LuminosityLink RAT was never intended to be used maliciously, and was a legitimate tool for system administrators.

However, in a plea agreement signed a year ago, Grubbs admitted that his malware would be used by some customers to remotely access and control computers without their victims’ computers without the victims’ knowledge or consent.

Grubbs also admitted of offering assistance to his customers to use the LuminosityLink RAT through posts and group chats on his own website and public internet forum

images from Hacker News