16 April 2024

Firebird RAT developers and sellers arrested in the US and Australia



Law enforcement authorities in the US and Australia have apprehended two men allegedly involved in the development and sale of the Firebird remote access trojan (RAT), later rebranded as Hive.

According to the US Department of Justice, Edmond Chakhmakhchyan, a 24-year-old resident of Van Nuys, California, known online as “Corruption,” was a developer behind the Firebird RAT. He also promoted the malware on hacker forums.

The RAT implements a number of functionalities allowing a buyer to stealthily close or disable programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets.

Chakhmakhchyan was charged with multiple offenses, including one count of conspiracy to advertise a device as an interception tool, transmit malicious code to damage protected computers, and illicitly access computers for information acquisition. Additionally, he faces one count of advertising a device as an interception tool. Both charges carry a maximum statutory penalty of five years in federal prison. His trial date is set for June 4, 2024.

The Australian police didn’t name the second suspect, but said the man developed and sold ‘Firebird’ to customers on a dedicated hacking forum. The man faces twelve counts of computer offenses, including one count of produce data with intent to commit a computer offense, one count of control data with intent to commit a computer offense, and 10 counts of supply data with intent to commit a computer offense. The maximum penalty for each of these offenses is three years’ imprisonment. He is scheduled to appear in court on May 7, 2024.

