A Russian national has pleaded guilty in the US to developing and distributing the notorious SpyEye malware, which has infected more than a million computers and been used to steal millions of dollars.
Aleksandr Andreevich Panin, known online as 'Gribodemon' and 'Harderman', has pleaded guilty to conspiracy to commit wire and bank fraud.
Panin was the "primary developer and distributor" of the SpyEye virus, say authorities, selling different, tailored versions to at least 150 clients for prices ranging from $1000 to $8500.
The buyers used the malware to infect computers and remotely control them through command and control servers before stealing personal and financial information through Web injects, keystroke logging and credit card grabbers.
Authorities say that SpyEye was the world's pre-eminent malware toolkit between 2009 and 2011, making its way onto more than 1.4 million computers. One of Panin's clients, 'Soldier', is reported to have made more than $3.2 million in a six-month period.
Despite seeing its effectiveness diminish, the virus was still used to compromise more than 10,000 bank accounts last year, according to industry estimates.
In mid-2011 Panin sold a version of SpyEye to FBI agents in a sting. Later that year a grand jury returned a 23-count indictment against him and a co-defendant, Hamza Bendelladj.
Panin was arrested last July as he was passing through an airport in Atlanta and this week pleaded guilty. Bendelladj was picked up in Thailand last January and extradited to the US. His charges are pending.
US Attorney Sally Yates says: "As several recent and widely reported data breaches have shown, cyber-attacks pose a critical threat to our nation's economic security. Today's plea is a great leap forward in our campaign against those attacks."