The software cost just US$40. In return, hackers using the sinister BlackShades program could take over personal computers anywhere in the world.
Some stole sexually explicit photographs. Others trained their victims' webcams on them using a remote access tool.
Some were so bold that they even threatened victims who tried to block the online intrusions, prosecutors said as they announced charges against BlackShades users.
"It is without doubt one of the greatest threats to our country," said the US attorney in Manhattan, Preet Bharara.
Prosecutors in New York did not provide details about victims of BlackShades and its flagship feature, Remote Access Tool, or RAT, which let users hijack victims' computers.
But last year, officials said they found evidence that BlackShades had been used to spy on Miss Teen USA 2013 Cassidy Wolf.
Jared James Abrahams, 20, a student from Temecula, California, was jailed for 18 months in March after pleading guilty to computer hacking and extortion in that case.
Bharara said one of BlackShades' alleged co-creators, Alex Yucel, a Swedish citizen, had been arrested in Moldova and was awaiting extradition to the United States.
Also arrested was Brendan Johnston of Thousand Oaks, California, who is accused of selling BlackShades and providing technical support to customers.
According to the FBI, BlackShades had sales of more than US$350,000 between September 2010 and last month.
Buyers came from more than 100 countries. The software allowed anyone with US$40, a computer, and internet access to hack into computers. "BlackShades made taking over a computer so easy, even a caveman could do it," said Leo Taddeo, chief of the cybercrimes unit of the FBI office in New York.
The RAT feature enabled hackers to intrude on victims' privacy "in the most sinister way", Bharara said.
Among other things, prosecutors say users could "lock" victims' files, making them inaccessible; access victims' keystrokes; use a victim's webcam to spy on them; access their passwords; view their private photos; and send messages and e-mails which, when clicked on by unwitting recipients, would cause further infection.
So far, more than 90 people have been arrested in connection with BlackShades in a probe involving officials in 19 countries.
Bharara warned anyone who bought the software to come forward. "At a minimum, they should stop doing what they're doing," he said.
He said the FBI had detailed more than 6,000 customer accounts. "It's hard to get at everyone," he said. "We'll keep working to get as many others brought to justice as possible."