21-year-old goes to jail for creating RAT software

Malware for $40 from a 21-year-old?

The United States Department of Justice has said that the 21-year-old Colton Grubbs had little to no respect for the country’s laws.

Colton Grubbs, a man living in Kentucky who had previously admitted to first creating and then selling a RAT or Remote Access Trojan that went by the name of LuminosityLink, now has been officially sentenced to a total of 30 months in a US federal prison.

Previously, Colton Grubbs had also pleaded guilty to a conspiracy involving him accessing computers in an unlawful manner to further a criminal act.

He has a multiple number of crimes against his name as well.

However, it still remains interesting that when the court charged Grubbs, he had no problems in claiming that LuminosityLink represented a legitimate tool for all kinds of system administrators.

Moreover, he also claimed that he did not ever intend for the LuminosityLink tool to be actually used for malicious activities.

However, Grubbs actually reverse course in July 2017 in an official plea agreement which he duly signed.

In the same document, Grubbs also admitted, perhaps for the very first time, that he had partial knowledge of the fact that some customers had used his LuminosityLink software application to gain control of various other computers, all without the knowledge of the owner of the computer machine or any prior permission.

Apart from that, Grubbs also admitted to actively emphasizing a great number of bonus malicious features in the official marketing materials which the company used for the promotion of the software application.

One of the malicious features of the software tool included the malicious ability for Grubbs’ LuminosityLink to actually install itself on a given computer machine without any notifications.

It could also,

  • Prevent various kinds of anti-malware software applications from first detecting and then removing the LuminosityLink software application.
  • Use the victim computer machine in order to launch various DDoS cyber attacks
  • Make use of various infected computer machines to mine digital cryptocurrencies.
  • Steal passwords and usernames which are used to access various websites and services
  • View and then download various computer files
  • Surveil victim machines and then use their computer microphones and cameras
  • Record user key presses


Grubbs managed to sell his software for just $40 a pop to a total of 6000-plus customers from various corners of the globe.

The United States Attorney for the Eastern District of Kentucky, Robert M.Duncan Jr., recently said (more precisely, on Monday) said that the current modern society was hugely dependent on mobile devices, computer machines and, of course, the use of the internet.

He also said in a statement that people simply had to have the sufficient level of confidence which is required in one’s ability to make use of all these modern instruments in order to take part in transactions for their business, secure and maintain their online information and privately communicate with whomever they want to communicate with.

The court also ordered Colton Grubbs to forfeit all the money that he had managed to ‘earn’ from his malicious software-related crimes which included 114 bitcoins which are currently worth around $725,000.

Did Grubbs learn from his criminal misdeeds?

Apparently, he has.

Grubb’s legal attorney, Brandon Marshall, wrote recently in a sentencing memorandum (to be more precise) that as a young teenager Colton Grubbs turned to programming and the online world of the internet as a, sort of, refuge from his parents.

He further said that Grubbs had to endure parents who frequently engaged in lengthy arguments with one another.

Marshall noted that there was every reason to hold the belief that Colton Grubb’s future would be extremely fruitful and/or positive and that he had learned from all his misdeeds.

Marshall also asked the court for just 24 months.

He also mentioned that Colton Grubbs also respectfully requested the concerned respected Court to consider his notable youth as the court tried to determine the right and appropriate jail sentence.

In contrast, the prosecutors actually asked the court to impose a jail sentence of a total of 36 months.

An assistant United States attorney, Neeraj K. Gupta, recently wrote that Grubbs had made a decent business of flouting of the country’s law except where the same law benefited him.

Moreover, Gupta mentioned that Grubbs also profited handsomely from helping out less sophisticated people in committing various kinds of computer intrusions.

Gupta further wrote that Grubbs’ messages showed that the 21-year-old from Kentucky did not have any respect for the law and actually showed contempt for social norms and moral rules.

Grubbs’ conspiracies and crimes required a fairly lengthy sentence, according to Gupta.

However, towards the end of the proceedings, the judge decided to split the difference of both party’s wanted jail time.


Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.