26-year-old Taylor Huddleston, of Hot Springs, Arkansas, pleaded guilty today to charges of aiding and abetting computer intrusions.
According to the statement of facts filed with the plea agreement, Huddleston developed, marketed, and distributed two products that were extremely popular with cybercriminals around the world.
The first is the NanoCore RAT, a piece of malware that is used to steal information from victim computers, including sensitive information such as passwords, emails, and instant messages. The NanoCore RAT even allowed users to surreptitiously activate the webcam on the victim computers in order to spy on the victims.
Huddleston’s NanoCore RAT was used to infect and attempt to infect tens of thousands of computers. For example, in 2015 it was served to The Economist readers through malvertising, and used to target energy companies in Asia and the Middle East.
Huddleston’s other product, “Net Seal,” was licensing software that he sold to other software developers, some of whom used it to distribute their own malicious software.
For instance, Huddleston used Net Seal to assist one Zachary Shames in the distribution of malware to 3,000 people that was in turn used it to infect 16,000 computers. Shames was well-known on Hackforums.net (where Huddleston marketed Net Seal) as the developer and distributor of the Limitless keylogger.
In his guilty plea, Huddleston admitted that he intended his products to be used maliciously. He faces a maximum penalty of 10 years in prison and will be sentenced on December 8.