AFP Warn Online Users Over RATs Cyber Plague

RATs are a type of malware that covertly takes unauthorised control of a victim’s electronic device to steal sensitive personal information and to conduct surveillance on victims without their knowledge or consent.

The AFP charged an Australian man in April after he allegedly developed and sold a RAT called ‘Firebird’ to a number of customers on a hacking forum website.

AFP Acting Assistant Commissioner Chris Goldsmid said the AFP had identified an increase in cybercriminals attempting to exploit not only Australians but victims around the world through the use of Remote Access Trojans.

“These viruses, known as RATs, are the tools of cybercriminals and are built to spread and take over a victim’s device, just like a plague,” he said.

“This is a reminder for all Australians to practice good cyber hygiene, and of how important it is to keep software and virus protection updated.

“Vulnerabilities in old or unprotected software are often the target for criminals attempting to gain control over a system so the owner can be targeted and exploited.

“Cybercriminals can build RATs that limit detection by some antivirus software, so users may not be notified if malware is installed or operating on their device.

“This type of cyber offending can evolve into extreme and malicious forms of data theft and victim manipulation, with criminals using stolen data to commit extortion or financial crimes.

“The AFP will continue to target and prosecute criminals purchasing the malware for illegal purposes such as gaining remote access to a victim’s computer, which holds a maximum penalty of 10 years’ imprisonment.”

A 27-year-old Geelong man was sentenced to a three-year good behaviour bond in the Geelong Magistrates Court after pleading guilty to five RAT-related offences in June 2023. The man purchased an Orcus RAT online from a Canadian national and used the malware to compromise more than 700 devices.

The Geelong man built computer game mods for a number of online games and embedded the RAT within those builds with the intent to steal data from gamers. Coders or online gamers usually build mods to improve or enhance a game for other gamers to enjoy for free or for a small fee. Criminals seeking to exploit this will hide the RAT within a mod, making it difficult for gamers to tell whether the mod is infected with malware.

The AFP Cybercrime team have detected and removed mods containing malware for popular computer games including PUBG: Battlegrounds, Runescape, Minecraft and ARK Survival.

In another matter, the Malta Police Force arrested a 27-year-old Maltese national in February this year, for his alleged involvement in the distribution of the RAT ‘Warzone’ following intelligence provided by the AFP.

The alleged key figure was a part of an international cybercrime network that distributed ‘Warzone’ to other cybercriminals allowing them access to victims’ personal and online data.

The criminal use of RAT technology in Australia constitutes offences under the Criminal Code Act 1995 (Cth) including unauthorised modification of data to cause impairment, which has a maximum penalty of 10 years’ imprisonment.

If you think you are a victim of RAT malware, information on what to do next and how to protect yourself online can be found at

*Remote Access Trojans (RATs) are a form of malware designed to allow an attacker to gain access to and control an infected computer. ‘Nanocore Malware’ and ‘Orcus’ are variant forms of RAT malware.
