The co-creator of sophisticated BlackShades malware pleaded guilty Wednesday to a criminal charge after authorities said his product infected over a half-million computers in more than 100 countries.
Alex Yucel, 24, entered the plea in Manhattan federal court to a single count of distribution of malicious software.
Yucel told Judge P. Kevin Castel he knew that individuals who bought the malware would use it maliciously. He said he hopes to return to Sweden after serving his sentence. Currently incarcerated, Yucel has agreed not to appeal any sentence that’s less than 7 1/4 years in prison. Sentencing was scheduled for May 22.
Yucel was arrested in Moldova in November 2013. Prosecutors said the BlackShades Remote Access Tool, or “RAT,” has been sold since 2010 to several thousand users in more than 100 countries, enabling them to remotely take over the computers of others.
Michael Hogue, 23, of Maricopa, Arizona – the program’s co-creator – pleaded guilty in New York after his June 2012 arrest. He awaits sentencing. U.S. Attorney Preet Bharara has said he is cooperating.
In a news release Wednesday, Bharara said Yucel enabled anyone willing to pay $40 to violate the property and privacy of others. “With his guilty plea today, Yucel will now have to pay for his conduct,” Bharara said.
The malware lets hackers steal personal information, intercept keystrokes and hijack webcams to secretly record computer users. BlackShades also can be used to encrypt and lock computer data files, forcing people to pay a ransom to regain access.
Assistant U.S. Attorney Sarah Lai said that if the case had gone to trial, prosecutors planned to show jurors instant messages Yucel had written and stolen data found on the BlackShades server.
She said jurors also would have seen payments from thousands of BlackShades customers and would have heard testimony from cooperating co-defendants.