The arrests came as part of the joint operation between Norway's Kripos National Criminal Investigation Service and Europol, codenamed "OP Falling sTAR."
According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania, France, and Norway, were charged with possessing, using and selling malware.
One of those arrested also confessed to running his own web store where he sold malware, designed to take full control of target computers, harvesting passwords, and other personal data.
Moreover, the malware can be used to hijack webcams in real-time, and steal documents, images, and videos as well.
"Damballa's threat discovery center worked in cooperation with the Norway police over the last few months to track and identify the author of the malware dubbed MegalodonHTTP," threat researcher Loucif Kharouni wrote in a blog post.
"We are not at liberty to divulge the MegalodonHTTP author's real identity, but we can confirm that the person behind the handle Bin4ry is no longer active or doing business."
However, the researchers said MegalodonHTTP was not very powerful; in fact, it was "quite simple" and indicated the poor coding skills of its author, requiring .NET to be installed on infected systems.
Zero Trust + Deception: Learn How to Outsmart Attackers!
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!Save My Seat!
MegalodonHTTP Remote Access Trojan
MegalodonHTTP included a number of features as listed below:
- Binary downloading and executing
- Distributed Denial of service (DDoS) attack methods
- Remote shell
- Antivirus Disabling
- Crypto miner for Bitcoin, Litecoin, Omnicoin and Dogecoin
However, MegalodonHTTP is not an advanced malware, according to the researchers, and its author wanted to develop modular malware with a number of malicious features, but remained "as small as possible, around 20Kb."
This malware was sold on amateur hacker hangout HackForum as well as on the bin4ry[dot]com website. In fact, before his arrest last month, the hacker was still selling the malware.
Just last week, Europol in cooperation with Romanian law enforcement authorities arrested eight criminal hackers suspected of being part of an international criminal gang that pilfered cash from ATMs using malware.