Bin4ry, the creator of MegalodonHTTP, whose real name was not disclosed by authorities, was arrested in Norway in Operation Falling sTAR in December 2015. The Europol-led operation was launched in October against users of RATs (Remote Access Trojans). In the current (second) phase of the operation, Europol officers arrested 12 suspects in France, Norway and Romania. Five of them were arrested in Norway.
A big help in the case was Damballa, a cybersecurity vendor based in the United States. It helped Europol break down the botnets’ activities and helped Norwegian law enforcement authorities track down the malware’s creator. Loucif Kharouni, senior threat researcher for Damballa, made this statement:
“We are not at liberty to divulge the MegalodonHTTP author’s real identity, but we can confirm that the person behind the handle Bin4ry is no longer active or doing business.”
Damballa’s tech team analyzed MegalodonHTTP in late November 2015 since the malware was starting to become more popular on dark net markets.
The malware was sold both on (unnamed) dark web hacking forums and on the no-longer-existing bina4ry.com website. It came equipped with an automated installer and administration panel, so even amateur hackers could use it without possessing advanced technical knowledge.
According to Bin4ry, MegalodonHTTP was “capable of launching seven types of DDoS attacks, remote shells on infected machines, included Bitcoin mining features, but also had the option to kill antivirus processes.”
At the time of their analysis, the researchers at Damballa stated that despite the potential of its features, the malware’s structure was quite basic: it worked only on Windows systems and needed the .NET Framework installed, which narrowed the number of machines it could run on.