A cheap and rudimentary hacking tool used by cybercriminals to covertly take over computers has been dismantled in an international policing operation.
The Luminosity Link RAT (Remote Access Trojan) allows digital crooks connect to a victim's machine undetected in order to disable anti-virus protection and either snoop on webcams or steal sensitive personal data such as usernames, passwords, photos and documents.
The RAT cost as little as £30 and users needed little technical knowledge to deploy it, according to the National Crime Agency, a law enforcement division which helped to coordinate the takedown.
A network of UK individuals supported its distribution across 78 countries and sold it to more than 8,600 buyers via a website dedicated to hacking. Investigators say there are thousands of victims across the world.
"Luminosity Link is an evil hacking tool that can devastate victims' lives," said senior investigating NCA officer David Cox in a statement. "Through our work with forces and international partners the RAT is no longer available for sale and no longer works."
The crackdown took place in September 2017, but details have only recently emerged due to "operational reasons". The scheme was launched and led by the UK's South West Regional Cyber Crime Unit in collaboration with Europol.
The NCA said that it eventually grew to include law enforcement agencies across 13 countries in Europe, the US and Australia - including 160 within the UK alone. So far, UK investigators have identified "multiple victims and evidence" of stolen personal details, log in credentials, passwords, private photographs, video footage and data.
This is expected to rise significantly as more devices are examined, experts said.
The tool was first discovered on the computer of a suspect in Bristol who was arrested in September 2016 on suspicion of Computer Misuse Act offences in a separate probe. Forensic analysis continues on suspects' computers.
Detective Inspector Ed Heath, head of the South West Regional Cyber Crime Unit, said: "The sale and deployment of this hacking tool were uncovered following a single arrest and the subsequent forensic examination of the computer. More than a year's complex work with international policing partners led us to identify a large number of offenders."
Steven Wilson, Head of Europol's European Cybercrime Centre, added: "Nobody wants their personal details or photographs of loved ones to be stolen by criminals. We continue to urge everybody to ensure their operating systems and security software are up to date".