SoCal Man Arrested on Federal Charges Alleging He Schemed to Advertise and Sell ‘Hive’ Computer Intrusion Malware

LOS ANGELES – Federal authorities have arrested a San Fernando Valley man on federal charges alleging a scheme to market and sell malware that gave the malware purchasers control over victim computers and enabled them to access victims’ private communications, their login credentials, and other personal information, the Justice Department announced today.

Edmond Chakhmakhchyan, 24, of Van Nuys, who used the screenname “Corruption,” was arrested without incident Wednesday by special agents with the FBI. A two-count indictment was unsealed yesterday at Chakhmakhchyan’s arraignment, where he pleaded not guilty and was ordered to stand trial on June 4. His bond was set at $70,000.

The indictment alleges an agreement between the malware’s creator and Chakhmakhchyan in which Chakhmakhchyan would post advertisements for the Hive remote access trojan (RAT) on the “Hack Forums” website, accept Bitcoin payments for licenses to use the Hive RAT, and provide customer service to those who purchased the licenses.

Customers purchasing the malware “would transmit Hive RAT to protected computers and gain unauthorized control over and access to these computers, which allowed the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission,” according to the indictment.

Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” approximately four years ago, and advertised online the RAT’s many features, including features that allowed the owner to remotely access victim computers and intercept communications and data without the victim knowing.

After advertising the Hive RAT, according to the indictment, Chakhmakhchyan exchanged electronic messages with purchasers and explained to one buyer that the malware “allowed the Hive RAT user to access another person’s computer without that person knowing about the access.” After this purchaser told Chakhmakhchyan that “the point” of using the Hive RAT was because the victim had “20k in bitcoin on a blockchain wallet” and “project files worth over 5k,” Chakhmakhchyan agreed to sell the Hive RAT, the indictment alleges. Later, Chakhmakhchyan allegedly also sold a license for the Hive RAT to an undercover employee of a law enforcement agency.

The indictment specifically charges Chakhmakhchyan with one count of conspiracy – to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer, and to intentionally access a computer to obtain information – as well as one count of advertising a device as an interception device. Each count carries a statutory maximum penalty of five years in federal prison.

An indictment is merely an allegation, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

The FBI is investigating this matter. The Australian Federal Police provided substantial assistance in the investigation.

Assistant United States Attorney Sue J. Bai of the Terrorism and Export Crimes Section is prosecuting this case.

The Australian Federal Police also has charged an Australian national who is alleged to have been involved in the creation and sale of the malware, and the Commonwealth Director of Public Prosecutions will be prosecuting that matter.